Functionality should really be in scap-workbench first.

On Tuesday, November 27, 2018, Shawn Wells <sh...@redhat.com> wrote:

> On 11/27/18 2:06 PM, James Ralston wrote:
>
> > I apologize if this is a little off-topic for this list, but a
> > question: what are others who use STIG Viewer planning to do once
> > Oracle JDK 8 / JavaFX go EOL in January 2019?
> >
> > Any Oracle Java 8 security updates released after January 2019 will
> > require a commercial support license from Oracle:
> >
> > https://developers.redhat.com/blog/2018/11/05/migrating-from-oracle-jdk-to-openjdk-on-red-hat-enterprise-linux-what-you-need-to-know/
> >
> > STIG Viewer requires Oracle JDK 8 and JavaFX 8 in order to function.
> > Oracle JDK 11 is the next LTS (long term support) version of Java.
> > (Java 9 and Java 10 are not LTS releases, and are already EOL.) But
> > in Java 11, Oracle removed JavaFX:
> >
> > https://www.infoworld.com/article/3305073/java/removed-from-jdk-11-javafx-11-arrives-as-a-standalone-module.html
> >
> > The OpenJFX project provides a JavaFX 11 implementation that works
> > with OpenJDK 11:
> >
> > https://openjfx.io/
> >
> > But: I tested the latest STIG Viewer (version 2.8) with OpenJDK 11 /
> > OpenJFX 11, and it does not work; it simply crashes at startup.
> >
> > This will shortly place all STIG Viewer users in the situation where
> > they must purchase a commercial support contract from Oracle in order
> > to run STIG Viewer, because STIG Viewer requires outdated / EOL
> > technology.
> >
> > I asked DISA/IASE what their intentions were with STIG Viewer in light
> > of this. As of 2018-11-27, this was their response:
> >
> > > There are currently no plans on creating a non-Oracle java version
> > > of STIG Viewer at this time. We also have no information regarding
> > > how DoD will be addressing the licensing requirement for Oracle java
> > > going forward.
> >
> > So.
> >
> > Ideally, I'd like to find a Linux replacement for STIG
> > Viewer—something that can read, annotate, and write STIG Viewer
> > checklist (*.ckl) files. But although SCAP Workbench can load and
> > check STIGs, unless I'm missing something, it has no support for STIG
> > Viewer checklist files.
>
> Not being snide, should this come across wrongly.... genuine question: Why
> use STIG Viewer in the first place?
>
> > I can't be the only person in this boat. What are others doing?
>
> Wonder if this is something that could be incorporated into Security
> Central?
>
> /me glances at @Gabe Alford

_______________________________________________
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org