Hi Dimitrios, *, On Fri, Mar 30, 2012 at 2:52 PM, Dimitrios Glentadakis <[email protected]> wrote: > [...] > I interpreted Guillaume's approach as about the impact that can have Mageia's > decisions in a > system and the respect of the user and his system as a priority, but it was > finally interpreted > as he wants something for his personal use or he does nt care about a > security issue, for the > same reason. At least, is what i got.
Well - that is what he said: "Don't push security updates to users by replacing package A by package B." Or: "I don't care that other people will continue using software with security flaws, since I know what I am doing." And I strongly oppose to this attitude/point of view. Not limited to Java, but in general. When a package *cannot* be updated and thus there will never be a security fix (and not just a delay of a couple of days/weeks), then the only sane thing for a distro is to replace the package by something equivalent. In the case of Java it is just so much easier, as there already exists a package that virtually does the very same thing. He wants to keep java for a special need, so that "I don't want this package A to be removed" is his own personal use. I'm sure that >98% of the users will not be amused when you tell them after a year or two that they have been running a version of java that has a big security flaw for all that time, just because one didn't want to obsolete the package. Of course "obsoletes" shall not be taken lightly. But i the case for Java, the rationale that oracle gives for no longer having the distributor's license is that OpenJDK and Oracle's java are now very close, that they are no longer separate things, but that Oracle's Java just builds on top of OpenJDK. For people just in need for "java" there will hardly be any difference. People with a special need for specific versions of java can still download and install java from Oracle's site. It is not a case where installing OpenJDK would make using Oracle's java impossible/that you have to install OpenJDK in the first place. ciao Christian
