Hi Pat, On Jan 8, 2013, at 22:52 , Pat Riehecky wrote: > Hello members of the development list, > > With the recent release of 5.9 by upstream, we have gone into build > mode. So, while the build servers grind away, we are reviewing some of > our 'extra' packages. > > The closed-source Java 6 package needs some review. IMHO, simply drop that family of packages. Best regards, Stephan > The Sun/Oracle Java package currently in SL5 is Java 6. This is > scheduled for end of life by Oracle in February 2013.[1] Java 6 has a > long history of 'Critical' security vulnerabilities.[2] > > With no security updates after February 2013,[3] it seems like now is > the right time to not include the closed-source Java packages in future > Scientific Linux 5 releases. > > This change will not affect existing SL 5 releases. This will only > impact Scientific Linux 5.9 and any future SL 5 releases. > > Scientific Linux 6 does not contain the closed-source Java packages, it > only has openjdk. > > At this time, the openjdk 7 packages in Scientific Linux 6.3 (released) > and Scientific Linux 5.9 (building) appear to be virtually identical.[4] > The openjdk 6 packages are also very similar between SL5 and SL6.[5] > Upstream is committed to actively maintaining OpenJDK. > > For Java 7 users, OpenJDK 7 should be "nearly identical" to the closed > source Java 7.[6] > > For Java 6 users, OpenJDK 6 should be sufficient. Since 2008 OpenJDK 6 > has passed the Java SE6 Test Compatibility Kit.[7] This means it should > be fully compatible with the closed source Java 6 packages. While early > versions of OpenJDK 6 had some notable issues, most of these are > believed to be fixed at this point. Applications that may not have > behaved properly before should be tested against OpenJDK 6 from SL5.8 > or later before being reported as incompatible. > > For more history on OpenJDK 6 please review > http://openjdk.java.net/projects/jdk6/ > > > > > Are there any objections to not including the closed-source Java > packages in Scientific Linux 5.9? > > Pat > > > > [1] http://www.oracle.com/technetwork/java/eol-135779.html > > [2] TUV-IDs: SA-2008:0594-7, SA-2008:1018-4, SA-2009:0392-1, > SA-2009:1200-1, SA-2009:1560-1, SA-2010:0337-1, > SA-2010:0356-2, SA-2010:0770-1, SA-2011:0282-1, > SA-2011:0860-1, SA-2011:1384-1, SA-2012:0139-1, > SA-2012:0734-1, SA-2012:1392-1 > > [3] Updates can be purchased from Oracle, but those are not eligible > for redistribution > > [4] For SL6.3 the current openjdk 7 packages are version 1.7.0.9-2.3.3.2.el6_3 > For SL5.9 the current openjdk 7 packages will be version > 1.7.0.9-2.3.3.el5.1 > > [5]For SL6.3 the current openjdk 6 packages are version 1.6.0.0-1.50.1.11.5.el6_3 > For SL5.9 the current openjdk 6 packages will be version > 1.6.0.0-1.30.1.11.5.el5 > > [6] http://weblogs.java.net/blog/robogeek/archive/2009/01/it_will_be_open.html > > [7] http://openjdk.java.net/faq/ -- Stephan Wiesand DESY -DV- Platanenenallee 6 15738 Zeuthen, Germany