On 01/18/2012 05:54 AM, Andreas Säger wrote: > Am 11.01.2012 20:08, Tanstaafl wrote: >> >> It is simply unwise to keep old/exploitable version of java on any system. >> > > There is no technical reason to do so on a Windows system. Under Linux > there may be a tiny fraction of users like me who face a certain > performance problem in Base.
Updates are typically multi-OS. Example: <http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html#PatchTable/> Scroll down to the 'Appendix - Oracle Java SE' and read: <quote> CVSS scores below assume that a user running a Java applet or Java Web Start application has administrator privileges (typical on Windows). Where the user does not run with administrator privileges (typical on Solaris and Linux), the corresponding CVSS impact scores for Confidentiality, Integrity, and Availability are "Partial" instead of "Complete", and the corresponding CVSS Base score is 7.5 instead of 10 respectively. </quote> Ditto for the October 2011 updates: <http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html> And: http://java.com/en/download/faq/remove_olderversions.xml <quote> Should I remove older versions of Java? We highly recommend users remove all older versions of Java from your system. Keeping old and unsupported versions of Java on your system presents a serious security risk. Removing older versions of Java from your system ensures that Java applications will run with the most up-to-date security and performance improvements on your system. </quote> Regarding performance issues, from the same web page: <quote> Do I need older versions of Java? The latest available version is always compatible with the older versions. However, some Java applications (or applets) can indicate that they are dependent on a particular version, and may not run if you do not have that version installed. If an application or web page you access requires an older version of Java, you should report this to the provider/developer and request that they update the application to be compatible with all Java versions. </quote> So... run older versions at *your* own risk. Just please do not advise others to do the same without sufficent warnings. -- For unsubscribe instructions e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
