05-31-2012, 08:33 PM
Fernando Lozano
How to install OpenJDK6 on F17
Hi Deepak,
First, thanks a lot for your patience explaining things you and other
OpenJDK developers should already have discussed to exhaustion.
> OpenJDK6 will no longer get security updates after November 2012:
> http://mail.openjdk.java.net/pipermail/discuss/2012-February/002514.html
> A large part of the problem is that we will not have access to all the
> security vulnerability information as it is not made public. That will
> make it very difficult to fix the underlying issues. I am guessing
> that a lot of people who will use the Oracle JDK6 beyond the EOL date
> will probably run the version last available before EOL. We cannot
> ship such insecure versions in Fedora though.
I don't understand why Oracle JDK EOF affects OpenJDK. I suppose code is
committed to OpenJDK and then moved to Oracle JDK as with most sane open
source projects with a commercial edition. Am I wrong, and Oracle
develops their JDK behind closed doors, and later pushes their patches to
OpenJDK?
And couldn't / shouldn't OpenJDK have its own bug tracking system, and
shouldn't it be the primary one, instead of the Oracle bug tracking?
> > You could at least package OpenJDK7 in a way it doesn't obsolete OpenJDK6, so if anyone wants to maintain an OpenJDK6 repo for F17 and beyond they can do so.
> The obsoletes was added on purpose. It was added because many packages
> require java>= 1:1.6.0. If 7 does not obsolete 6, older systems
> (F15/16) that have 6 will not necessarily pull in 7 as 6 will satisfy
> this dependency. However the package will not actually work with 6
> because all new packages are being compiled with 7 which produces a
> newer bytecode that 6 does not understand. This was the bug that
> prompted obsoleting of 6:
For me it looks like the real fix would be updating the require
statement on each package spec.
But even using your rationale, why is GCJ, which is Java 5, still in
Fedora 17? The same reasons to purge OpenJDK6 would be valid to purge
GCJ. If GCJ can be kept, although not being able to run the java
packages included as part of the distro, OpenJDK6 could be kept also.
I am used to open source communities, for example apache tomcat and
postgresql, supporting older releases much longer than commercial
counterparts, for example websphere and oracle db, because this meets a
real user need. I can't understand why OpenJDK / IcedTea cannot do the
same, and have to bow down to Oracle EOL.
[]s, Fernando Lozano
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
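The dependency problem described in the explanation quoted in the message above, as an added example that is not part of the original thread: a `java >= 1:1.6.0` requirement is satisfied by an installed Java 6, yet a class compiled by Java 7 carries class-file major version 51, above the 50 that a Java 6 runtime accepts. The function names are hypothetical, the version comparison is a simplification of RPM's (epoch and dotted numeric version only, no release), and the class header is constructed.

```python
import struct

# Highest class-file major version each runtime loads:
# Java 5 = 49, Java 6 = 50, Java 7 = 51.
MAX_MAJOR = {"1.5.0": 49, "1.6.0": 50, "1.7.0": 51}


def parse_evr(evr):
    """Split 'epoch:version' into (epoch, version tuple); epoch defaults to 0."""
    epoch, _, version = evr.rpartition(":")
    return int(epoch or 0), tuple(int(part) for part in version.split("."))


def satisfies(provided, required_min):
    """Simplified '>=' check on epoch and version (assumption: not rpm's own code)."""
    return parse_evr(provided) >= parse_evr(required_min)


def class_major(data):
    """Read the major version from a class-file header: magic, minor, major."""
    magic, _minor, major = struct.unpack(">IHH", data[:8])
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    return major


def check(installed_evr, required_min, class_bytes):
    """Return (dependency satisfied, bytecode loadable) for an installed JVM."""
    jvm_version = installed_evr.rpartition(":")[2]
    loadable = class_major(class_bytes) <= MAX_MAJOR[jvm_version]
    return satisfies(installed_evr, required_min), loadable


# Constructed sample: header of a class compiled for Java 7 (minor 0, major 51).
JAVA7_CLASS = struct.pack(">IHH", 0xCAFEBABE, 0, 51)

if __name__ == "__main__":
    for evr in ("1:1.6.0", "1:1.7.0"):
        dep_ok, loadable = check(evr, "1:1.6.0", JAVA7_CLASS)
        print(f"java {evr}: dependency satisfied={dep_ok}, class loadable={loadable}")
```

With Java 6 installed the package manager sees the requirement as met while the class fails to load, which is the gap the Obsoletes tag closes.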
06-01-2012, 09:40 AM
Andrew Haley
How to install OpenJDK6 on F17
On 05/31/2012 09:33 PM, Fernando Lozano wrote:
>> > OpenJDK6 will no longer get security updates after November 2012:
>> > http://mail.openjdk.java.net/pipermail/discuss/2012-February/002514.html
>> > A large part of the problem is that we will not have access to all the
>> > security vulnerability information as it is not made public. That will
>> > make it very difficult to fix the underlying issues. I am guessing
>> > that a lot of people who will use the Oracle JDK6 beyond the EOL date
>> > will probably run the version last available before EOL. We cannot
>> > ship such insecure versions in Fedora though.
> I don't understand why Oracle JDK EOF affects OpenJDK. I suppose code is
> committed to OpenJDK and then moved to Oracle JDK as with most sane open
> source projects with a commercial edition. Am I wrong, and Oracle
> develops their JDK behind closed doors, and later pushes their patches to
> OpenJDK?
Yes, you are.
> And couldn't / shouldn't OpenJDK have its own bug tracking system, and
> shouldn't it be the primary one, instead of the Oracle bug tracking?
Yes, and that is going to happen, but it's a longer-term goal. But
in any case, I would be opposed to Fedora doing long-term support on
an obsolete version of Java. It really isn't Fedora's mission. Fedora
is all about producing a first-class distro based on the latest software.
> But even using your rationale, why is GCJ, which is Java 5, still in
> Fedora 17?
Because it's still useful, and its upstream is not dead.
Andrew.