LISTSERV - SCIENTIFIC-LINUX-DEVEL Archives

SCIENTIFIC-LINUX-DEVEL Archives

January 2013

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-DEVEL Home
	SCIENTIFIC-LINUX-DEVEL January 2013

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	SL 5.9 and closed-source Java 6
From:	Pat Riehecky <[log in to unmask]>
Reply To:	Pat Riehecky <[log in to unmask]>
Date:	Tue, 8 Jan 2013 15:52:09 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (81 lines)

Hello members of the development list,

With the recent release of 5.9 by upstream, we have gone into build
mode.  So, while the build servers grind away, we are reviewing some of
our 'extra' packages.

The closed-source Java 6 package needs some review.

The Sun/Oracle Java package currently in SL5 is Java 6.  This is
scheduled for end of life by Oracle in February 2013.[1]  Java 6 has a
long history of 'Critical' security vulnerabilities.[2]

With no security updates after February 2013,[3] it seems like now is
the right time to not include the closed-source Java packages in future
Scientific Linux 5 releases.

This change will not affect existing SL 5 releases. This will only
impact Scientific Linux 5.9 and any future SL 5 releases.

Scientific Linux 6 does not contain the closed-source Java packages, it
only has openjdk.

At this time, the openjdk 7 packages in Scientific Linux 6.3 (released)
and Scientific Linux 5.9 (building) appear to be virtually identical.[4]
The openjdk 6 packages are also very similar between SL5 and SL6.[5]
Upstream is committed to actively maintaining OpenJDK.

For Java 7 users, OpenJDK 7 should be "nearly identical" to the closed
source Java 7.[6]

For Java 6 users, OpenJDK 6 should be sufficient.  Since 2008 OpenJDK 6
has passed the Java SE6 Test Compatibility Kit.[7]  This means it should
be fully compatible with the closed source Java 6 packages.  While early
versions of OpenJDK 6 had some notable issues, most of these are
believed to be fixed at this point.  Applications that may not have
behaved properly before should be tested against OpenJDK 6 from SL5.8
or later before being reported as incompatible.

For more history on OpenJDK 6 please review
http://openjdk.java.net/projects/jdk6/




Are there any objections to not including the closed-source Java
packages in Scientific Linux 5.9?

Pat



[1] http://www.oracle.com/technetwork/java/eol-135779.html

[2] TUV-IDs: SA-2008:0594-7, SA-2008:1018-4, SA-2009:0392-1,
              SA-2009:1200-1, SA-2009:1560-1, SA-2010:0337-1,
              SA-2010:0356-2, SA-2010:0770-1, SA-2011:0282-1,
              SA-2011:0860-1, SA-2011:1384-1, SA-2012:0139-1,
              SA-2012:0734-1, SA-2012:1392-1

[3] Updates can be purchased from Oracle, but those are not eligible
for redistribution

[4] For SL6.3 the current openjdk 7 packages are version 
1.7.0.9-2.3.3.2.el6_3
     For SL5.9 the current openjdk 7 packages will be version
1.7.0.9-2.3.3.el5.1

[5]For SL6.3 the current openjdk 6 packages are version 
1.6.0.0-1.50.1.11.5.el6_3
     For SL5.9 the current openjdk 6 packages will be version
1.6.0.0-1.30.1.11.5.el5

[6] 
http://weblogs.java.net/blog/robogeek/archive/2009/01/it_will_be_open.html

[7] http://openjdk.java.net/faq/

-- 
Pat Riehecky
Scientific Linux Developer

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV