Bug#645881: critical update 29 available
Thijs Kinkhorst
thijs at debian.org
Wed Oct 19 13:28:02 UTC 2011
On Wed, October 19, 2011 14:15, Matthias Klose wrote:
> On 10/19/2011 02:09 PM, Thijs Kinkhorst wrote:
>> Have we been in contact with Oracle upstream and explained that we are
>> eager to comply with their wish to move entirely to openjdk for our next
>> release, but have the problem that we have a stable release out in the
>> field that people rely on? Are there possibilities to extend the offer
>> for
>> the lifetime of stable, or at least until it becomes oldstable?
>
> there's nothing which hinders you to still have the current version in
> stable.
> The license isn't changed for the existing package. It's up to the
> security/release teams to decide if they want to have a version with known
> security issues in the stable release
I understand that, and I think the situation where we keep something in
unstable while refraining from publishing security updates is undesirable.
What I'm wondering is if we tried to ask upstream whether they would be
willing to extend the DLJ offer so we can keep security fixes for the
sun-java6 version in stable coming in for the lifetime of this release,
notwithstanding the fact that we're removing it from the next release.
> (in the past the security team
> didn't care about this at all for the current oldstable).
I don't know what this refers to, but it doesn't seem relevant because
we're talking about the present.
Thijs
More information about the pkg-java-maintainers
mailing list