Java and openjdk
Craig White
craigwhite at azapple.com
Fri Aug 29 16:12:36 UTC 2008
On Fri, 2008-08-29 at 10:38 -0400, Gene Heskett wrote:
> On Friday 29 August 2008, Rahul Sundaram wrote:
> >Gene Heskett wrote:
> >> And the simple fact that those of us who want a working java are going to
> >> the sun site, getting the latest jre and installing it, never again to
> >> click on an ICED TEA update in yumex. Really, I think that says it all.
> >> You for legal reasons are defending an emasculated version, but the final
> >> say on what gets run is us, its our machine. Sue us? I doubt it. :)
> >
> >It is not iced tea now. It is called OpenJDK and that is a certified
> >Java from Sun. I won't sue for getting the details wrong ;-)
> >
> >Rahul
>
> Oh? From my yumex screen (F8 install)
> java-1.7.0-icedtea
> jave-1.7.0-icedtea-plugin
>
> and from an rpm -qa|grep java
> java-1.7.0-icedtea-1.7.0.0-0.19.b21.snapshot.fc8
> java-1.5.0-gcj-1.5.0.0-17.fc8
> tzdata-java-2008d-1.fc8
> glib-java-0.2.6-10.fc8
> java_cup-0.10-0.k.6jpp.1
> java-1.7.0-icedtea-plugin-1.7.0.0-0.19.b21.snapshot.fc8
>
> Humm, I may be wrong about not having icedtea
----
icedtea was F8, but not F9
----
> [root at coyote ~]# which java
> /usr/bin/java
> [root at coyote ~]# ls -l `which java`
> lrwxrwxrwx 1 root root 22 2008-03-31
> 19:34 /usr/bin/java -> /etc/alternatives/java
> [root at coyote ~]# ls -l /etc/alternatives/java/
> ls: cannot access /etc/alternatives/java/: Not a directory
> [root at coyote ~]# ls -l /etc/alternatives/java
> lrwxrwxrwx 1 root root 39 2008-03-31
> 19:41 /etc/alternatives/java -> /usr/lib/jvm/jre-1.7.0-icedtea/bin/java
>
> However, from FF's about:plugins, I get this:
> Java(TM) Plug-in 1.6.0_06-b02
>
> File name: /usr/java/jre1.6.0_06/plugin/i386/ns7/libjavaplugin_oji.so
> Java(TM) Plug-in 1.6.0_06
----
which java command is for running java from command shell
java plugin in Firefox is a separate issue...what's so difficult to
understand about that?
----
>
> So, do I need to replace that link? By installing the yumex offerings and
> bearing in mind that I long since gave up trying to keep up with every new
> browser version having its own plugins dir, created one & put all the plugins
> there, and linked all the other browsername/plugins to it?
>
> In that case, is it safe to do so since updates are not yet flowing? Those
> are old packages that have been sitting there for a month or more.
>
> A side note, we (my local group of friends) have found a blog
> <http://blogs.zdnet.com/security/?p=1803&tag=nl.e539> that gives a few hints
> on finding out if we too have been infected. According to it, no systems
> here are. The point being that the extreme privacy this has been kept under
> has now been exposed, letting the horse out of the barn so to speak, and this
> list deserves more candor from its 'parent' regarding it. We had been led to
> believe this was only a debian problem because of the speedup shortcut in the
> random number section of the code supposedly only they used. If this is a
> different exploit, then we need to know. We aren't above pulling in the
> src's and building our own you know, however my reading that code is not
> going to tell me if its safe, so I've told the one in my local group who was
> going to do that to hold off another day or so... His exposure to an exploit
> is 100x that of mine, so lets see some activity of some kind other than take
> a potato and wait. We are beginning to need a second potato to stave off the
> hunger here.
----
as someone who runs gui as root...you have so many issues to worry about
I wouldn't know where to start...in fact, your assertion that someone
else has an exposure to exploitation more than you is laughable.
Craig
More information about the users
mailing list