On 17/1/22 10:34 pm, ITschak Mugzach wrote:
Hi,
We took the time to dive into the wider issue of open source and z/os. USS
is a scary jungle!
Only to the ignorant.
Without many details on the how, we discovered that on our z/os 2.3 there
are 19 (!) different versions of Apache Ant: 1.5.3, 1.6.2, 1.6.5, 1.7.0,
1.7.1, 1.8.0, 1.8.1, 1.8.2, 1.8.2, 1.8.2, 1.8.3 ,1.8.4, 1.9.0, 1.9.2, 1.9.3
,1.9.4, 1.9.6 ,1.9.7, 1.9.8 used by 1000 plus jar files and sharing 4 CVEs.
I take it you don't understand the concept of semantic versioning. Those
are not all different versions, the last digit is the patch. We do this
in our (mainframe) products too.
In fact, we go further and add the Git commit hash to the version
message so we can track the version the customer is running down to a
line of code.
Apache Ant is a build system and not part of a runtime. I don't share
your concerns.
Nice divers... and as others may say "What you don't know doesn't hurt you".
ITschak
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM coming soon *
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
