Date: Mon, 13 Jul 2015 11:59:58 -0400 From: Jung-uk Kim <jkim@FreeBSD.org> To: Mark Felder <feld@feld.me>, Xin Li <delphij@delphij.net>, ports-secteam@FreeBSD.org Cc: java@freebsd.org Subject: Re: Eradication of old java Message-ID: <55A3E07E.7020300@FreeBSD.org> In-Reply-To: <1436802846.1406670.322470913.69B2C944@webmail.messagingengine.com> References: <1436722739.2838428.321692425.3A1ABDF2@webmail.messagingengine.com> <55A2BB79.6030907@delphij.net> <1436729497.3932791.321743777.380D37FD@webmail.messagingengine.com> <55A3DEBF.1070302@FreeBSD.org> <1436802846.1406670.322470913.69B2C944@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/13/2015 11:54, Mark Felder wrote: > > > On Mon, Jul 13, 2015, at 10:52, Jung-uk Kim wrote: >> On 07/12/2015 15:31, Mark Felder wrote: >>> >>> >>> On Sun, Jul 12, 2015, at 14:09, Xin Li wrote: >>>> >>>> On 7/12/15 10:38, Mark Felder wrote: >>>>> How long before we start to eradicate old java from the >>>>> ports tree? I'm actually in the process of updating a >>>>> couple ports of mine to require Java 1.8 now that it is >>>>> supported, vs 1.6 as users currently are being required to >>>>> use. >>>>> >>>>> Java 6 was EoL last year, Java 7 in April this year. >>>>> >>>>> I'm considering doing a search of the ports tree to gather >>>>> some info and see how many can just have the java >>>>> requirement bumped. >>>> >>>> I think we should move this discussion to -java@ and/or >>>> maintainers -- there is no known security issues and it's >>>> better to give it more public exposure. >>>> >>>> My suggestion would be to deprecate both Java 6 and 7 now >>>> and remove them after a few (3?) months if there is nobody >>>> volunteering to maintain them. >>>> >>>> (IIRC Java 6 have some security settings that e.g. IPMI >>>> console applications require, but I doubt if FreeBSD users >>>> actually use these because such applications usually ships >>>> with some native binary blobs) >>>> >>> >>> Is Java 6 and 7 still receiving updates through OpenJDK >>> upstream? As far as I'm aware they are not, so the next batch >>> of CVEs that come out put those users in a bad position. >>> >>> Can java@ team provide any details? >> >> Both OpenJDK6 and OpenJDK7 are actively maintained. For >> example, there will be OpenJDK6 b36 soon: >> >> https://java.net/jira/browse/OPENJDK6-60 >> >> Jung-uk Kim >> > > So it is only Oracle's non-OpenJDK distribution of Java 6 and Java > 7 that is ceasing public updates? Correct. Jung-uk Kim -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVo+B5AAoJEHyflib82/FGXr4H/1NIeeph6cinBHE7/JCGuTbD VuQXElscYN7HXQ+zWbBfE25fLuCrxjmgS/7+UcTMF8xEcIU15kQCP3mC3kWVOxt5 gzt5SwzgU2o2zinWJXfrnpYerdbbkqOf9bKIHVWQLQKZOTcStxAgWAlrKbMX6UCe Ji8Nkz/GN8Pzd7wtQ5PKUNAHoKg69ITTffaiK4xjGUMcLY8t1LJIMBGlJEFBhaqM 9Bw8WHNAwlAM1UDuOO3ANjmznPSjOlQkhSnWHnFyhsdoI78Sr5RuGl6Rh03mvqje H5ftkJbx+sKLgxKdRNWfkB6HpwfUe/8iNJy//Yo3MWNXWly4NSHyvB21yKgz3v8= =Phx1 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55A3E07E.7020300>