Hello members of the development list, With the recent release of 5.9 by upstream, we have gone into build mode. So, while the build servers grind away, we are reviewing some of our 'extra' packages. The closed-source Java 6 package needs some review. The Sun/Oracle Java package currently in SL5 is Java 6. This is scheduled for end of life by Oracle in February 2013.[1] Java 6 has a long history of 'Critical' security vulnerabilities.[2] With no security updates after February 2013,[3] it seems like now is the right time to not include the closed-source Java packages in future Scientific Linux 5 releases. This change will not affect existing SL 5 releases. This will only impact Scientific Linux 5.9 and any future SL 5 releases. Scientific Linux 6 does not contain the closed-source Java packages, it only has openjdk. At this time, the openjdk 7 packages in Scientific Linux 6.3 (released) and Scientific Linux 5.9 (building) appear to be virtually identical.[4] The openjdk 6 packages are also very similar between SL5 and SL6.[5] Upstream is committed to actively maintaining OpenJDK. For Java 7 users, OpenJDK 7 should be "nearly identical" to the closed source Java 7.[6] For Java 6 users, OpenJDK 6 should be sufficient. Since 2008 OpenJDK 6 has passed the Java SE6 Test Compatibility Kit.[7] This means it should be fully compatible with the closed source Java 6 packages. While early versions of OpenJDK 6 had some notable issues, most of these are believed to be fixed at this point. Applications that may not have behaved properly before should be tested against OpenJDK 6 from SL5.8 or later before being reported as incompatible. For more history on OpenJDK 6 please review http://openjdk.java.net/projects/jdk6/ Are there any objections to not including the closed-source Java packages in Scientific Linux 5.9? Pat [1] http://www.oracle.com/technetwork/java/eol-135779.html [2] TUV-IDs: SA-2008:0594-7, SA-2008:1018-4, SA-2009:0392-1, SA-2009:1200-1, SA-2009:1560-1, SA-2010:0337-1, SA-2010:0356-2, SA-2010:0770-1, SA-2011:0282-1, SA-2011:0860-1, SA-2011:1384-1, SA-2012:0139-1, SA-2012:0734-1, SA-2012:1392-1 [3] Updates can be purchased from Oracle, but those are not eligible for redistribution [4] For SL6.3 the current openjdk 7 packages are version 1.7.0.9-2.3.3.2.el6_3 For SL5.9 the current openjdk 7 packages will be version 1.7.0.9-2.3.3.el5.1 [5]For SL6.3 the current openjdk 6 packages are version 1.6.0.0-1.50.1.11.5.el6_3 For SL5.9 the current openjdk 6 packages will be version 1.6.0.0-1.30.1.11.5.el5 [6] http://weblogs.java.net/blog/robogeek/archive/2009/01/it_will_be_open.html [7] http://openjdk.java.net/faq/ -- Pat Riehecky Scientific Linux Developer