On 05/31/2012 09:33 PM, Fernando Lozano wrote:
> > OpenJDK6 will no longer get security updates after November
2012:
> >
http://mail.openjdk.java.net/pipermail/discuss/2012-February/002514.html
> > A large part of the problem is that we will not have access to all the
> > security vulnerability information as it is not made public. That will
> > make it very difficult to fix the underlying issues. I am guessing
> > that a lot of people who will use the Oracle JDK6 beyond the EOL date
> > will probably run the version last available before EOL. We cannot
> > ship such insecure versions in Fedora though.
I don't understand why Oracle JDK EOF affects OpenJDK. I suppose
code is
commited to OpenJDK and then moved to Oracle JDK as with most sane open
source projects with a commercial edition. Am I wrong, and Oracle
developers their JDK at closed doors, and later pushes their patches to
OpenJDK?
Yes, you are.
And couldn't / shouldn't OpenJDK have its own bug track
system, and
should't it be the primary one, instead of the Oracle bug tracking?
Yes, and that is going to happen, but it's a longer-term goal. But
in any case, I would be opposed to Fedora doing long-term support on
an obsolete version of Java. It really isn't Fedora's mission. Fedora
is all about producing a first-class distro based on the latest software.
But even using your rationale, why GCJ, which is Java 5, is still in
Fedora 17?
Because it's still useful, and its upstream is not dead.
Andrew.