A couple things I would put there: Right now administrators of Java applications need to periodically update their JREs either for security, performance, or other reasons. There is a security baseline and when people go below, how far below it are they? Am I one version behind, three versions behind, how much time is that? Another driver for JDK-currency would be to take the delta and produce a histogram of vulnerabilities by CVSS – what exactly am I patching? If I create a static application, such as javapackager or GraalVM native, what vulnerabilities have I baked in and when do I need a new build against a higher JDK? This would ultimately drive towards automating updates to the right baseline for a given JDK major version.
Another thing that would help is the cryptography specs and something to track algorithms and Certificate Authorities as they change between minor releases. Right now I think the JCA spec is only hosted at one location and it lists all the algorithms in a copy-able form. Another benefit would be to answer questions like, when was AWS Trust added to cacerts? This is probably less interesting but the config files drive behavior and sometimes it’s hard to understand when they change.

From: Geertjan Wielenga<mailto:[email protected]>
Sent: Friday, September 11, 2020 3:03 PM
To: dev<mailto:[email protected]>
Subject: foojay.io — my other hat!

Hi all,

Some of you may be aware that aside from NetBeans, there’s another project I’m associated with, which is also connected to NetBeans: foojay.io, a place for friends of OpenJDK.

It’s a vendor neutral site for all things Java, though sponsored by my employer Azul. It’s a way in which Azul supports open source, OpenJDK, Java, etc.

Anyway — please take a look, see what’s there in terms of supporting your daily Java development needs, and tell me what’s missing, i.e., what kind of info related to Java would you like to see there?

And maybe you’d like to do your blogging directly on foojay? That’s possible too. Maybe we could create an area dedicated to NetBeans, for example.

Feedback welcome,

Gj
