Hi Pat,
On Jan 8, 2013, at 22:52 , Pat Riehecky wrote:
> Hello members of the development list,
>
> With the recent release of 5.9 by upstream, we have gone into build
> mode. So, while the build servers grind away, we are reviewing some of
> our 'extra' packages.
>
> The closed-source Java 6 package needs some review.
IMHO, simply drop that family of packages.
Best regards,
Stephan
> The Sun/Oracle Java package currently in SL5 is Java 6. This is
> scheduled for end of life by Oracle in February 2013.[1] Java 6 has a
> long history of 'Critical' security vulnerabilities.[2]
>
> With no security updates after February 2013,[3] it seems like now is
> the right time to not include the closed-source Java packages in future
> Scientific Linux 5 releases.
>
> This change will not affect existing SL 5 releases. This will only
> impact Scientific Linux 5.9 and any future SL 5 releases.
>
> Scientific Linux 6 does not contain the closed-source Java packages, it
> only has openjdk.
>
> At this time, the openjdk 7 packages in Scientific Linux 6.3 (released)
> and Scientific Linux 5.9 (building) appear to be virtually identical.[4]
> The openjdk 6 packages are also very similar between SL5 and SL6.[5]
> Upstream is committed to actively maintaining OpenJDK.
>
> For Java 7 users, OpenJDK 7 should be "nearly identical" to the closed
> source Java 7.[6]
>
> For Java 6 users, OpenJDK 6 should be sufficient. Since 2008 OpenJDK 6
> has passed the Java SE6 Test Compatibility Kit.[7] This means it should
> be fully compatible with the closed source Java 6 packages. While early
> versions of OpenJDK 6 had some notable issues, most of these are
> believed to be fixed at this point. Applications that may not have
> behaved properly before should be tested against OpenJDK 6 from SL5.8
> or later before being reported as incompatible.
>
> For more history on OpenJDK 6 please review
> http://openjdk.java.net/projects/jdk6/
>
>
>
>
> Are there any objections to not including the closed-source Java
> packages in Scientific Linux 5.9?
>
> Pat
>
>
>
> [1] http://www.oracle.com/technetwork/java/eol-135779.html
>
> [2] TUV-IDs: SA-2008:0594-7, SA-2008:1018-4, SA-2009:0392-1,
> SA-2009:1200-1, SA-2009:1560-1, SA-2010:0337-1,
> SA-2010:0356-2, SA-2010:0770-1, SA-2011:0282-1,
> SA-2011:0860-1, SA-2011:1384-1, SA-2012:0139-1,
> SA-2012:0734-1, SA-2012:1392-1
>
> [3] Updates can be purchased from Oracle, but those are not eligible
> for redistribution
>
> [4] For SL6.3 the current openjdk 7 packages are version 1.7.0.9-2.3.3.2.el6_3
> For SL5.9 the current openjdk 7 packages will be version
> 1.7.0.9-2.3.3.el5.1
>
> [5]For SL6.3 the current openjdk 6 packages are version 1.6.0.0-1.50.1.11.5.el6_3
> For SL5.9 the current openjdk 6 packages will be version
> 1.6.0.0-1.30.1.11.5.el5
>
> [6] http://weblogs.java.net/blog/robogeek/archive/2009/01/it_will_be_open.html
>
> [7] http://openjdk.java.net/faq/
--
Stephan Wiesand
DESY -DV-
Platanenenallee 6
15738 Zeuthen, Germany
|