Date: Mon, 13 Jul 2015 07:08:20 +0200 From: Matthias Petermann <matthias@petermann-it.de> To: freebsd-java@freebsd.org Subject: Re: Eradication of old java Message-ID: <55A347C4.5060302@petermann-it.de> In-Reply-To: <1436729497.3932791.321743777.380D37FD@webmail.messagingengine.com> References: <1436722739.2838428.321692425.3A1ABDF2@webmail.messagingengine.com> <55A2BB79.6030907@delphij.net> <1436729497.3932791.321743777.380D37FD@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, On 12.07.2015 21:31, Mark Felder wrote: > > On Sun, Jul 12, 2015, at 14:09, Xin Li wrote: >> On 7/12/15 10:38, Mark Felder wrote: >>> How long before we start to eradicate old java from the ports tree? >>> I'm actually in the process of updating a couple ports of mine to >>> require Java 1.8 now that it is supported, vs 1.6 as users >>> currently are being required to use. >>> >>> Java 6 was EoL last year, Java 7 in April this year. >>> >>> I'm considering doing a search of the ports tree to gather some >>> info and see how many can just have the java requirement bumped. >> I think we should move this discussion to -java@ and/or maintainers -- >> there is no known security issues and it's better to give it more >> public exposure. >> >> My suggestion would be to deprecate both Java 6 and 7 now and remove >> them after a few (3?) months if there is nobody volunteering to >> maintain them. >> >> (IIRC Java 6 have some security settings that e.g. IPMI console >> applications require, but I doubt if FreeBSD users actually use these >> because such applications usually ships with some native binary blobs) >> > Is Java 6 and 7 still receiving updates through OpenJDK upstream? As far > as I'm aware they are not, so the next batch of CVEs that come out put > those users in a bad position. > > Can java@ team provide any details? It looks like RedHat had taken over stewardship for OpenJDK 6 [1]and OpenJDK 7 [2]. I did not find a road map there but it can be assumed that they support it until EOL of their enterprise Linux distributions RHEL 5 (OpenJDK is the default Java there) and RHEL 6. Would be interesting to find out where updated sources are available (and if they maintain the original sources or provide source code patches or binary patches only?). Best regards, Matthias [1] http://www.redhat.com/en/about/press-releases/red-hat-reinforces-java-commitment-and-assumes-leadership-openjdk-6-community [2] http://www.redhat.com/en/about/press-releases/stewardship-openjdk-7-project-shifts-red-hat
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55A347C4.5060302>