This sounds like dystopia too me and exactly the thing I don't want. I can understand why a _few_ applications want to ship with their own JVM (IDEs, medical devices, nuclear facilities) but outside of that, this behavior should stop.
Attackers currently attack old Java installations because the Update system is not working as good and fast as it should. If this issue gets solved, the only thing which changes is that attackers will switch to attack applications with old JVMs embedded. Best thing which could happen is that Oracle just disallows bundling an internal JVM with an application. Then those end user applications could use an auto-update mechanism as appropriate. Additionally I don't see a reason why I should download a JVM update multiple times. Not even looking at the fact *that it just won't happen*. It is completely unrealistic. Most companies have very strict and time-consuming rules about testing an releasing an update. How exactly will people explain to the CEO that they will need to stop working a few days on their assigned work, just to update a third-party piece shipped with the application, retest it and update everything around it? (Documentation, web site, support, ...) -- You received this message because you are subscribed to the Google Groups "The Java Posse" group. To view this discussion on the web visit https://groups.google.com/d/msg/javaposse/-/sESu8nq7fLEJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
