On Thu, Feb 13, 2025 at 11:40 AM Peter Boy Uni <pboy@xxxxxxxxxxxxx> wrote: > > > > > Am 13.02.2025 um 10:25 schrieb Jiri Vanek <jvanek@xxxxxxxxxx>: > > > > > > > > On 2/12/25 10:06 PM, Kevin Kofler via devel wrote: > >> Mario Torre wrote: > >>> On Tue, Feb 11, 2025 at 2:11 AM Kevin Kofler via devel > >>> <devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > >>>> > >>>> Mario Torre wrote: > >>>>> OpenJDK 11 is EOL in Fedora regardless of the Fedora version, it hasn’t > >>>>> been updated in January for example. > >>>> > >>>> This is entirely unacceptable. The package shipped with Fedora 41, so it > >>>> MUST get security backports until the Fedora 41 EOL. If the maintainers > >>>> do not want to take care of that, they should orphan the package and let > >>>> somebody else push the required security updates. > >>> > >>> I am afraid not. > >>> > >>> If you want an updated package, you should be using the latest > >>> versions, anything else is a best effort and there's no guarantee it > >>> will be updated going forward. > >> Nonsense. OpenJDK 11 is an LTS version that is still getting security > > > > I Agree with Kevin, and I keep it updated, as long as I'm alive. As noted elsewhere in this thread, I'm negotiating with jdk11 possible future maintainers they step in as help. > > If my brain's built-in translator is working correctly, does this mean you're withdrawing your announcement and deprecation? I'd very very much welcome that! No. > In my ‚main side job', I work in the Fedora Server WG. And Java is an extremely important part of the software portfolio for servers. And because of its very extensive backwards compatibility – an important trademark and difference to other popular languages – Java 11 is basically not dispensable either. And Temurin is not a solution for us because the Fedora guidelines only allow us to install Fedora-built packages. Of course I also see the workload and didn't want to (kind of) demand it before. You can and should use Temurin, it is the solution. We are not in the position to maintain 11. The fact that Jiri volunteers his own time is a different thing than being expected for this to be properly maintained like we do with the other versions, we won't be able to rely on that. > >> updates upstream and, e.g., in Adoptium Temurin (to which the console spam > >> from the Fedora RPM was actually pointing). It just takes updating the > > > > Spam? Is that really so bad? What else would you suggest? > > I appreciate the message (well, not the message, but the placement). It is, or would be, a very serious infringement of the Fedora Java runtime environment. This cannot be announced early enough and as widely as possible. And because servers are mainly administered via terminal, a large proportion of users get aware of it. Cheers, Mario -- Mario Torre Manager, Software Engineering, Red Hat OpenJDK, Java Champion https://keybase.io/neugens 9704 A60C B4BE A8B8 0F30 9205 5D7E 4952 3F65 7898 Mastodon: https://mastodon.social/@MarioTorre Red Hat GmbH, Registered seat: Werner von Siemens Ring 12, D-85630 Grasbrunn, Germany Commercial register: Amtsgericht Muenchen/Munich, HRB 153243, Managing Directors: Ryan Barnhart, Charles Cachera, Michael O'Neill, Amy Ross -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue