SCIENTIFIC-LINUX-DEVEL Archives

January 2013

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: SL 5.9 and closed-source Java 6
From:
Stephan Wiesand <[log in to unmask]>
Reply To:
Stephan Wiesand <[log in to unmask]>
Date:
Wed, 9 Jan 2013 22:33:22 +0100
Content-Type:
text/plain
Parts/Attachments:
text/plain (89 lines) 
Hi Pat,

On Jan 8, 2013, at 22:52 , Pat Riehecky wrote:

> Hello members of the development list,
> 
> With the recent release of 5.9 by upstream, we have gone into build
> mode.  So, while the build servers grind away, we are reviewing some of
> our 'extra' packages.
> 
> The closed-source Java 6 package needs some review.

IMHO, simply drop that family of packages.

Best regards,
	Stephan

> The Sun/Oracle Java package currently in SL5 is Java 6.  This is
> scheduled for end of life by Oracle in February 2013.[1]  Java 6 has a
> long history of 'Critical' security vulnerabilities.[2]
> 
> With no security updates after February 2013,[3] it seems like now is
> the right time to not include the closed-source Java packages in future
> Scientific Linux 5 releases.
> 
> This change will not affect existing SL 5 releases. This will only
> impact Scientific Linux 5.9 and any future SL 5 releases.
> 
> Scientific Linux 6 does not contain the closed-source Java packages, it
> only has openjdk.
> 
> At this time, the openjdk 7 packages in Scientific Linux 6.3 (released)
> and Scientific Linux 5.9 (building) appear to be virtually identical.[4]
> The openjdk 6 packages are also very similar between SL5 and SL6.[5]
> Upstream is committed to actively maintaining OpenJDK.
> 
> For Java 7 users, OpenJDK 7 should be "nearly identical" to the closed
> source Java 7.[6]
> 
> For Java 6 users, OpenJDK 6 should be sufficient.  Since 2008 OpenJDK 6
> has passed the Java SE6 Test Compatibility Kit.[7]  This means it should
> be fully compatible with the closed source Java 6 packages.  While early
> versions of OpenJDK 6 had some notable issues, most of these are
> believed to be fixed at this point.  Applications that may not have
> behaved properly before should be tested against OpenJDK 6 from SL5.8
> or later before being reported as incompatible.
> 
> For more history on OpenJDK 6 please review
> http://openjdk.java.net/projects/jdk6/
> 
> 
> 
> 
> Are there any objections to not including the closed-source Java
> packages in Scientific Linux 5.9?
> 
> Pat
> 
> 
> 
> [1] http://www.oracle.com/technetwork/java/eol-135779.html
> 
> [2] TUV-IDs: SA-2008:0594-7, SA-2008:1018-4, SA-2009:0392-1,
>             SA-2009:1200-1, SA-2009:1560-1, SA-2010:0337-1,
>             SA-2010:0356-2, SA-2010:0770-1, SA-2011:0282-1,
>             SA-2011:0860-1, SA-2011:1384-1, SA-2012:0139-1,
>             SA-2012:0734-1, SA-2012:1392-1
> 
> [3] Updates can be purchased from Oracle, but those are not eligible
> for redistribution
> 
> [4] For SL6.3 the current openjdk 7 packages are version 1.7.0.9-2.3.3.2.el6_3
>    For SL5.9 the current openjdk 7 packages will be version
> 1.7.0.9-2.3.3.el5.1
> 
> [5]For SL6.3 the current openjdk 6 packages are version 1.6.0.0-1.50.1.11.5.el6_3
>    For SL5.9 the current openjdk 6 packages will be version
> 1.6.0.0-1.30.1.11.5.el5
> 
> [6] http://weblogs.java.net/blog/robogeek/archive/2009/01/it_will_be_open.html
> 
> [7] http://openjdk.java.net/faq/

-- 
Stephan Wiesand
DESY -DV-
Platanenenallee 6
15738 Zeuthen, Germany

ATOM RSS1 RSS2