Randy McMurchy wrote:
> DJ Lucas wrote these words on 03/08/08 09:06 CST:
>> Hi all, I wanted to see if there were any objections to commenting out 
>> the JDK source build for now.
> 
> If you think the existing source build is too old, then it looks like
> you don't have any choice (remember that we are targeting a rather
> old LFS/BLFS system). Myself I'd like to see it stay, but we'll let
> the community decide.
> 
> The downside is that you'll have to comment the whole page out. I
> don't want it to look like we support binary packages in a stable
> BLFS release. I'm not really sure we can be flexible here either.
> In fact, just the few seconds I'm thinking about it makes me sort
> of lean really heavily toward establishing a policy of no binary packages
> in the book unless it's used to bootstrap a source build.
>

:-) Funny.  We can't eliminate Java just because upstream is unable to 
address our needs at this time.  They are working on it and soon the 
licensing issue and its associated lack of releases will be behind us 
and we'll be dealing with OpenJDK and a GPL license with Classpath 
Exception license (same as GCJ and GNU Classpath).

Anyway, my previous message might have been a bit premature.  I just 
found out that the guy responsible for JRL was out of town, which 
explains the lack of responses, but I'm still not optimistic for a u5 
release as we were told already that there would be a u4 release.  Right 
now there are 7 security vulnerabilities in the version in the book that 
have been fixed in u4/u5.

While they are unlikely to occur, I don't want any known security 
vulnerabilities present at all.  In addition to the two I mentioned, 
there are 5 other security fixes, and several other 
fixes/adjustments/improvements included in the newer releases, even a 
couple of nice-to-haves backported from OpenJDK7.

http://java.sun.com/javase/6/webnotes/ReleaseNotes.html#160_05

The vulnerability links are in the security fixes warning, except for 
one that was forgotten which is also fixed in u4:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1

I also didn't see this one mentioned, but CERT says it's fixed in u5:

http://www.kb.cert.org/vuls/id/223028

I'm firing off a message to Ray Gans now to see what the status is, but 
it's not looking good as it seems that u4 was lost completely.  Assuming 
that I don't get a response, the other option is to leave the u3 source 
build in the book and put in a big warning that explains the 
vulnerabilities and a 'please complain repeatedly to Sun about it' note. :-)

-- DJ Lucas
