LISTSERV - SCIENTIFIC-LINUX-DEVEL Archives

SCIENTIFIC-LINUX-DEVEL Archives

September 2012

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-DEVEL Home
	SCIENTIFIC-LINUX-DEVEL September 2012

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: jdk updates - was Re: Security ERRATA Important: java-1.6.0-openjdk on SL5.x i386/x86_64
From:	Dr Andrew C Aitchison <[log in to unmask]>
Reply To:	Dr Andrew C Aitchison <[log in to unmask]>
Date:	Thu, 6 Sep 2012 08:03:10 +0100
Content-Type:	text/plain
Parts/Attachments:	text/plain (56 lines)

On Wed, 5 Sep 2012, Pat Riehecky wrote:
> On 09/05/2012 11:07 AM, Dr Andrew C Aitchison wrote:
>> On Tue, 4 Sep 2012, Pat Riehecky wrote:
>>
>> > Synopsis:          Important: java-1.6.0-openjdk security update
>> > Issue Date:        2012-09-03
>> > CVE Numbers:       CVE-2012-1682
>> >                   CVE-2012-0547
>> >
>> > These packages provide the OpenJDK 6 Java Runtime Environment and the
>> > OpenJDK 6 Software Development Kit.
>>
>> Is this update as well as, or instead of an update to the Sun/Oracle
>> jdk package which Scientific Linux 5 has shipped for the past few
>> years (IIRC this was not a RHEL package) ?
>>
>> I know that these are not (and IIRC have never been) included in SL6
>> and that there are signature problems.
>> I can get similar packages direct from Oracle
>> http://www.oracle.com/technetwork/java/javase/downloads/jre6u35-downloads-1836473.html
>> if I know not to expect them from SL.

> This is the openjdk version of that same update.  Openjdk is packaged by 
> upstream.

True, but not an answer to my question.

SL5.8 shipped with the Sun jdk and java-1.6.0-sun-compat
http://listserv.fnal.gov/scripts/wa.exe?A2=ind1204&L=SCIENTIFIC-LINUX-USERS&P=R15298&D=0&H=0&I=-3&O=T&T=0&m=11628

When you announced the security update to jdk-1.6.0_33-fcs and
java-1.6.0-sun-compat-1.6.0.33-3.sl5.jpp
http://listserv.fnal.gov/scripts/wa.exe?A2=ind1206&L=scientific-linux-users&T=0&P=10114
you mentioned that moving to openjdk was an option, but neither there
nor in 
http://listserv.fnal.gov/scripts/wa.exe?A2=ind1207&L=scientific-linux-errata&T=0&P=75
when these packages went live did you say that that would be the last
Sun jdk release for SL5.

Have I missed an announcement that 1.6.0_33 is the last Sun
java package that will be released by SL for SL5 ?
I'd understand if you are dropping it, but it would be helpful
to know for sure.

I'm in two minds about suggesting a dummy package in the spirit of
http://ftp.scientificlinux.org/linux/scientific/obsolete/40rolling/i386/apt/SRPMS.updates/mozilla-1.7.13-1.4.9.SWITCH.TO.SEAMONKEY.1.src.rpm
This could enforce the transition awau from Sun/Oracle java,
but would break the Sun/Oracle jdk package for those who need to
download it direct from Oracle for some reason.

Thanks for clarifying,

-- 
Dr. Andrew C. Aitchison		Computer Officer, DPMMS, Cambridge
[log in to unmask]	http://www.dpmms.cam.ac.uk/~werdna

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV