----- Original Message ----- > As you may already know from Nandini Ramani's blog post on 'Maintaining the > security-worthiness of Java' from May [0], starting in October 2013, Java > security fixes will be released under the Oracle Critical Patch Update > schedule along with all other Oracle products. In other words, Java will > now issue four annual security releases. > > You can find the next four dates for Oracle Critical Patch Updates and more > information about them online. [1] You can also find information about > upcoming releases' version numbers, as discussed on this list in April. [2] > > We just released 7u40 in September - 7u60, in other words, is a couple of CPU > releases away. It would be nice if there was a way for OpenJDK 7u Authors, > Committers and Reviewers to flag critical fixes that have been integrated > into jdk7u-dev for consideration by the Oracle JDK 7u CPU Release Team for > inclusion into a CPU release before 7u60. All such fixes would still > continue to be fixed in the jdk7u-dev integration forest first and would > continue to follow the normal jdk7u fix process [3]. > > So, in order to enable critical & high impact fixes developed within this > Project in OpenJDK to be considered for upcoming CPU releases, a developer > requesting their fix to be considered for CPU integration can label their > bug with "CPU-critical-request" in the JDK Bug System [4]. If approved by > the Oracle JDK 7u CPU Release Team the label will be updated to > "CPU-critical-approved" and they will then ensure that this fix gets > integrated to an upcoming CPU release. All relevant updates will be > processed via the bug report. > > Such bug fix requests should only be made for critical fixes. A guideline > might be : > > * P1 bug > OR > * A serious regression which needs fixing ASAP > >
Does this mean you actually plan to finally do OpenJDK releases corresponding to these "Critical Patch Updates"? > cheers, > dalibor topic > > [0] > https://blogs.oracle.com/security/entry/maintaining_the_security_worthiness_of > [1] http://www.oracle.com/technetwork/topics/security/alerts-086861.html > [2] > http://www.oracle.com/technetwork/java/javase/overview/jdk-version-number-scheme-1918258.html > [3] http://openjdk.java.net/projects/jdk7u/groundrules.html > [4] https://bugs.openjdk.java.net > > -- > Oracle <http://www.oracle.com> > Dalibor Topic | Principal Product Manager > Phone: +494089091214 <tel:+494089091214> | Mobile: +491737185961 > <tel:+491737185961> > Oracle Java Platform Group > > ORACLE Deutschland B.V. & Co. KG | Kühnehöfe 5 | 22761 Hamburg > > ORACLE Deutschland B.V. & Co. KG > Hauptverwaltung: Riesstr. 25, D-80992 München > Registergericht: Amtsgericht München, HRA 95603 > Geschäftsführer: Jürgen Kunz > > Komplementärin: ORACLE Deutschland Verwaltung B.V. > Hertogswetering 163/167, 3543 AS Utrecht, Niederlande > Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697 > Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher > > Green Oracle <http://www.oracle.com/commitment> Oracle is committed to > developing practices and products that help protect the environment > -- Andrew :) Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
