On 02/11/2013 05:23 PM, Linda Jacobson wrote: > Hello, > Will someone on this email list please answer these questions: > 1. Oracle recently (2/1) released an emergency update to java se > 7, that fixed most open security issues. Since openjdk is the reference > implementation for Java SE, does this mean that all updates are entered > into openjdk first? Not necessarily. > 2. Red Hat released a new version of openjdk 6, that fixed "many" > security bugs, as well as other issues. Does it fix all the ones fixed > by Oracle? The security holes are the same in openjdk 6 and openjdk 7. > 3. What is the current status of openjdk 7, with respect to the > documented security vulnerabilities? We fixed the vulnerabilities in http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html#AppendixJAVA > 4. How do Red Hat and Oracle interact with respect to openjdk > releases, since I thought openjdk had its own people controlling releases? We get patches from Oracle's support people and apply them to Fedora packages. OpenJDK doesn't have any separate staff. Oracle, Red Hat, and others work on OpenJDK. Andrew. -- java-devel mailing list java-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/java-devel
