On 03/28/2017 08:37 AM, Thanh Ha wrote: > On Mon, Mar 27, 2017 at 11:32 PM, Ed Warnicke <[email protected] > <mailto:[email protected]>> wrote: > > Anil, > > Thats nice... but at the end of the day, here's the net-net... a > large subset of the world's first experience trying to do ODL > development is going to be that we are inexplicably broken in a > cryptic way. I strongly recommend we get a cert that is supported > by *any* Oracle JDK 1.8, and wait for Oracle JDK 1.8 to be > deprecated for use for ODL development (typically something that > happens after 1.8 itself has EOLed) *before* using a Let's Encrypt Cert. > > Initial exposure matters tremendously, and a first experience of > "It's broken" is not what we want. > > Ed > > > FWIW I don't think using expired versions of Java is good practice > either. Oracle releases regular critical security patches [1] for a > reason. According to [0] JDK8 Update 77 was expired on April 19, 2016. > Users of Oracle's JDK should have received warnings that a new version > is available and to update. > > As someone who used Mac and Windows in the past, I can understand it's > annoying to receive those update popups and the temptation is to ignore > it but as developers working on next generation network technology I > don't think it's unreasonable that we also follow good security > practices and keep our tools up to date. > > Regards, > Thanh > > [0] http://www.oracle.com/technetwork/java/javase/8u77-relnotes-2944725.html > [1] https://www.oracle.com/technetwork/topics/security/alerts-086861.html
To add to this, while we _can_ switch back to the COMODO cert for Nexus it's only good until the middle of December and we will _not_ be purchasing new certs now that we have Let's Encrypt capabilities configured in our Puppet management. -Andy- -- Andrew J Grimberg Lead, IT Release Engineering The Linux Foundation
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Discuss mailing list [email protected] https://lists.opendaylight.org/mailman/listinfo/discuss
