Re: [blfs-book] [BLFS Trac] #7403: OpenJDK-1.8.0.72

Fri, 29 Jan 2016 22:27:04 -0800 


On 1/29/2016 4:29 PM, BLFS Trac wrote:

  What I read is that 8u71 has security fixes, but not 8u72, which they told
  to be ''improvements''.



Not exactly. The Java release schedule is an odd duck. The way they are 
releasing the distributed binaries now is that odd number update (on 
release schedule) is a CPU (critical patch update), which is security 
patches and regression fixes to the previous PSU (patch set update). 
PSUs are the even numbered updates, which is the previous CPU update 
revision +1 and includes the security fixes in that CPU. PSUs are 
feature changes and enhancements - and aren't usually pushed to java.com 
(binary release for regular users) for a while after release (if at all).


This explains the CPU vs PSU releases:
http://www.oracle.com/technetwork/java/javase/cpu-psu-explained-2331472.html


As to the CPU release schedule and planning (and lately PSU, with its 
CPU+1 update):

http://www.oracle.com/technetwork/topics/security/alerts-086861.html

This partially explains the oddball release numbering:

http://www.oracle.com/technetwork/java/javase/overview/jdk-version-number-scheme-1918258.html 
There was a post on the old -dev list that explained it in more detail, 
but I'm unable to find it right now.



In addition to all of that, they have even by 20 (20, 40, 60, 80) for 
"Limited" (off cycle updates). And finally, all other numbers in the 
space are reserved for special updates, usually for particularly nasty 
bugs or security flaws. 7u7, 7u17 and 7u67 were the last three (though 
67 is listed as Limited on the history, think this is a typo), haven't 
been any for 8 yet. See a pattern there? :-)


https://www.java.com/en/download/faq/release_dates.xml


As to which version to use...I keep my Windows clients who use JRE/JDK 
on the CPU releases (and disable automatic updates and deploy via GPO or 
like) unless a new feature or bug fix is needed (which has yet to happen).



All that said, given the audience, I think PSU/Limited/Special is the 
correct release for BLFS. These designations do not mean unstable, just 
newer and not largely tested in the wild (but still tested pretty 
thoroughly, at least among the java devs).


HTH

-- DJ

--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page





















					Reply via email to