On Mon, Mar 27, 2017 at 11:32 PM, Ed Warnicke <[email protected]> wrote:
> Anil, > > Thats nice... but at the end of the day, here's the net-net... a large > subset of the world's first experience trying to do ODL development is > going to be that we are inexplicably broken in a cryptic way. I strongly > recommend we get a cert that is supported by *any* Oracle JDK 1.8, and wait > for Oracle JDK 1.8 to be deprecated for use for ODL development (typically > something that happens after 1.8 itself has EOLed) *before* using a Let's > Encrypt Cert. > > Initial exposure matters tremendously, and a first experience of "It's > broken" is not what we want. > > Ed > FWIW I don't think using expired versions of Java is good practice either. Oracle releases regular critical security patches [1] for a reason. According to [0] JDK8 Update 77 was expired on April 19, 2016. Users of Oracle's JDK should have received warnings that a new version is available and to update. As someone who used Mac and Windows in the past, I can understand it's annoying to receive those update popups and the temptation is to ignore it but as developers working on next generation network technology I don't think it's unreasonable that we also follow good security practices and keep our tools up to date. Regards, Thanh [0] http://www.oracle.com/technetwork/java/javase/8u77-relnotes-2944725.html [1] https://www.oracle.com/technetwork/topics/security/alerts-086861.html
_______________________________________________ Discuss mailing list [email protected] https://lists.opendaylight.org/mailman/listinfo/discuss
