How to install OpenJDK6 on F17

Deepak Bhole dbhole at redhat.com
Thu May 31 20:01:15 UTC 2012 

* Fernando Lozano <fernando at lozano.eti.br> [2012-05-31 15:12]:
> Hi Deepak,
> 
> >java-1.6.0-openjdk and java-1.7.0-openjdk can co-exist side by side
> >happily -- you can even use alternatives to switch the default if you
> >really want to.
> >
> >We just cannot ship 6 in F17 because it will EOL well before F17 does
> >and we cannot ship a known insecure version.
> 
> Thanks for the info, I feel better with RPM packages (even if I have to reinstall after upgrades) than custom-built binaries. So I'll give it a try.
> 
> But about the EOL date, I could only find on google an EOL date of Nov/2012 for Oracle JDK, which is the proprietary, commercialy supported build by Oracle. I could not find any EOL for the OpenJDK project or the IcedTea project.
> 
> My expectation, based on current use of Java by developers I know, and past experience with other Java updates, is that JDK6 will be the most used JDK release for much longer than the Oracle EOL date. Nothing prevents the open source communities to continue supporing OpenJDK and IcedTea past Oracle EOL date. I see there's strong demand for that. So why not doing? Too few people working on that outside of Oracle?
> 

OpenJDK6 will no longer get security updates after November 2012:
http://mail.openjdk.java.net/pipermail/discuss/2012-February/002514.html

A large part of the problem is that we will not have access to all the
security vulnerability information as it is not made public. That will
make it very difficult to fix the underlying issues.

I am guessing that a lot of people who will use the Oracle JDK6 beyond
the EOL date will probably run the version last available before EOL. We
cannot ship such insecure versions in Fedora though.

> You could at least package OpenJDK7 in a way it doesn't obsoletes OpenJDK6, so if anyone wants to mantain an OpenJDK6 repo for F17 and beyond they can do so.
>

The obsoletes was added on purpose. It was added because many packages
require java >= 1:1.6.0. If 7 does not not obsolete 6, older systems
(F15/16) that have 6 will not necessarily pull in 7 as 6 will satisfy
this dependency. However the package will not actually work with 6
because all new packages are being compiled with 7 which produces a
newer bytecode that 6 does not understand. This was the bug that
prompted obsoleting of 6:

https://bugzilla.redhat.com/show_bug.cgi?id=817516

Cheers,
Deepak
 
> 
> []s, Fernando Lozano
> 
>

More information about the users mailing list