On 05/31/2012 09:33 PM, Fernando Lozano wrote: >> > OpenJDK6 will no longer get security updates after November 2012: >> > http://mail.openjdk.java.net/pipermail/discuss/2012-February/002514.html >> > A large part of the problem is that we will not have access to all the >> > security vulnerability information as it is not made public. That will >> > make it very difficult to fix the underlying issues. I am guessing >> > that a lot of people who will use the Oracle JDK6 beyond the EOL date >> > will probably run the version last available before EOL. We cannot >> > ship such insecure versions in Fedora though. > I don't understand why Oracle JDK EOF affects OpenJDK. I suppose code is > commited to OpenJDK and then moved to Oracle JDK as with most sane open > source projects with a commercial edition. Am I wrong, and Oracle > developers their JDK at closed doors, and later pushes their patches to > OpenJDK? Yes, you are. > And couldn't / shouldn't OpenJDK have its own bug track system, and > should't it be the primary one, instead of the Oracle bug tracking? Yes, and that is going to happen, but it's a longer-term goal. But in any case, I would be opposed to Fedora doing long-term support on an obsolete version of Java. It really isn't Fedora's mission. Fedora is all about producing a first-class distro based on the latest software. > But even using your rationale, why GCJ, which is Java 5, is still in > Fedora 17? Because it's still useful, and its upstream is not dead. Andrew. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org