Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 12 Mar 2011 08:24:53 -0800 (PST)
From:      Roger Marquis <marquis@roble.com>
To:        Rob Farmer <rfarmer@predatorlabs.net>
Cc:        freebsd-java@freebsd.org
Subject:   Re: AW: Question Update Java Security Updates
Message-ID:  <20110312162454.9790E106566C@hub.freebsd.org>
In-Reply-To: <AANLkTikk7jyNnw1nS7K4jgCXpSeZ0oUMVZ1VyO-N9mMJ@mail.gmail.com>
References:  <20110310120028.6013310656B0@hub.freebsd.org> <20110310161721.59652106566B@hub.freebsd.org> <AANLkTikk7jyNnw1nS7K4jgCXpSeZ0oUMVZ1VyO-N9mMJ@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
>> The reason for that is that they haven't been necessary.  This cannot be
>> said for openjdk, not yet at least.
>>
>
> There have been 191 "vulnerabilities" for the lifetime of JDK 1.6,
> according to Secunia. java/jdk16 is at update 4 out of 24. Unless you
> are running only trusted local apps with no networking support, that
> is highly dubious.

Vulnerability is relative to your application of course.  The
"vulnerabilities" you site for JDK have not been relevant to my servers
or apps or most commonly used apps (other than webstart).  That cannot be
said for the Openjdk.

But equating advisories with vulnerabilities does bring up an important
point, and I expect religious preferences will continue to take
precedence over actual user experience.

Roger Marquis



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110312162454.9790E106566C>