09-28-2011, 10:15 AM
Simon McVittie

openjdk-6 security update

(Please cc me, I'm not subscribed to -security or -java.)

On Tue, 27 Sep 2011 at 22:10:30 +0200, Florian Weimer wrote:
> In addition, this update removes support for the Zero/Shark and Cacao
> Hotspot variants from the i386 and amd64 due to stability issues.
> These Hotspot variants are included in the openjdk-6-jre-zero and
> icedtea-6-jre-cacao packages, and these packages must be removed
> during this update.

Would it be possible to provide some sort of empty transitional package for
those Hotspot variants in order to get rid of them? At the moment a
default Debian squeeze desktop installation, with openoffice.org added, needs
this update but won't carry it out without input from a knowledgeable user:

* openoffice.org depends on a JRE

* the JRE released with squeeze recommends icedtea-6-jre-cacao (even on x86 -
I'm not sure why)

* update-manager-gnome is in the default Debian desktop's notification area,
and is how we encourage non-technical users to apply security updates

* when presented with an upgrade that will add or remove packages,
update-manager presents a message similar to "This update will add or remove
packages, do you want to do a safe-upgrade instead?" - a non-technical user
can't really make an informed decision here, and the conservative answer
is "yes, do a safe-upgrade"

* doing a safe-upgrade will only upgrade openjdk-6-jre-lib and not the rest
of OpenJDK (without in-depth knowledge of Java, I don't know whether this
fixes all of the vulnerabilities in this advisory)

* doing the upgrade in Synaptic does the right thing (asks the user if it's
OK to remove icedtea-6-jre-cacao); you and I know that icedtea-6-jre-cacao
is unnecessary, but a non-technical user can't really make an informed
decision here

Thanks,
S


--
To UNSUBSCRIBE, email to debian-java-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20110928101536.GA6149@reptile.pseudorandom.co.uk
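
The message above describes a security update that is only partly applied when the upgrade is not allowed to remove packages. The following check for that state is an added example, not part of the original thread and not Debian's own tooling. It assumes the non-removing upgrade is simulated with `apt-get -s upgrade` and that the installed package names come from something like `dpkg-query -W -f='${Package}\n'`; the sample output and the function names are constructed for illustration.

```python
import re

# Constructed sample of `apt-get -s upgrade` output (not captured from a real system).
SAMPLE = """\
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  openjdk-6-jre openjdk-6-jre-headless
The following packages will be upgraded:
  openjdk-6-jre-lib
1 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
"""

# Packages the quoted advisory says must be removed during the update.
MUST_REMOVE = {"openjdk-6-jre-zero", "icedtea-6-jre-cacao"}


def parse_sections(output):
    """Map each 'The following ... packages ...:' header to its package list."""
    sections, current = {}, None
    for line in output.splitlines():
        m = re.match(r"The following (?:NEW )?packages (.+):$", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line.startswith("  "):
            # apt indents package names by two spaces under each header
            sections[current].extend(line.split())
        else:
            current = None
    return sections


def audit(output, installed, prefix="openjdk-6"):
    """Report a partially applied update and the packages blocking the rest.

    `installed` is an iterable of installed package names (assumption: the
    caller collects it, e.g. from dpkg-query); `prefix` selects the packages
    that belong to the update being checked.
    """
    s = parse_sections(output)
    kept = [p for p in s.get("have been kept back", []) if p.startswith(prefix)]
    upgraded = [p for p in s.get("will be upgraded", []) if p.startswith(prefix)]
    return {
        "partial": bool(kept and upgraded),   # some pieces move, others stay old
        "kept_back": kept,
        "blockers": sorted(MUST_REMOVE & set(installed)),
    }
```

A result with `partial` set and a non-empty `blockers` list is the situation described in the message: the remaining OpenJDK packages stay at the old version until the listed packages are removed.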
 
09-28-2011, 06:28 PM
Florian Weimer

openjdk-6 security update

* Simon McVittie:

> Would it be possible to provide some sort of empty transitional package for
> those Hotspot variants in order to get rid of them?

I don't think we use transitional packages for this purpose.

I think adding a Replaces: icedtea-6-jre-cacao to
openjdk-6-jre-headless (on i386 and amd64 only) and dropping the
Recommends: would do the trick.

I'm sorry I missed that icedtea-6-jre-cacao is extremely widely
installed. It's certainly not used, though.


Archive: http://lists.debian.org/87vcsc7c8n.fsf@mid.deneb.enyo.de
 

All times are GMT.