F22 System Wide Change: Legacy implementations of the Java platform in Fedora

Andrew Haley aph at redhat.com
Fri Feb 27 11:07:45 UTC 2015


On 02/27/2015 10:58 AM, Aleksandar Kurtakov wrote:
> The problem with alternatives is they are system wide so if one changes the alternatives to point to the legacy JDK for their third party app this becomes the JDK system wide. Thus all Fedora packaged Java apps (Tomcat, Jetty, JBoss, Freemind, Azureus, Eclipse...) will start using this JDK but they will contain jars compiled for newer JDK thus will fail at runtime.

Exactly.  But it's worse than that: someone sets an alternative for
some temporary purpose, then reboots their computer, then they get
pwned via the vulnerable Java.  I'm all for freedom, but we should not
install traps for our users.

Andrew.


More information about the devel mailing list