Am 01.03.2013 04:35, schrieb Moritz Mühlenhoff: > Backporting security fixes with Java has turned out to be more of less > unfeasible. I tried this once with DSA 2507 and I think that amounted to at > least > two man days of work for that update alone. Also, Ubuntu has shipped > backports to all suites in USN-1724 and AFAICS the world hasn't stopped. > After all, everyone using Oracle Java will be exposed to the same > behaviourial changes. > > So we should proceed with providing backports for openjdk in the future.
will that be in backports, stable updates, or security? > If Matthias keeps the Debian/Ubuntu packaging in a state that it's easily > buildable on squeeze/wheezy for ojdk6 and for wheezy on ojdk7 I think > we should be able to handle Java updates resource-wise. I do not intend to break that intentionally. Some back-porting may show some issues, like patches not updated for older releases. There is a chance to break zero on some architectures, however if you feel that might become an issue, just disable zero for powerpc, ppc64, s390, s390x, as done for mips/mipsel. The hotspot port for sparc/sparc64 seems to work currently, so your call how to maintain it for wheezy. > I'm not familiar with the Java internals, but if we're following that approach > it would make sense to upgrade Wheezy to the version in experimental > (i.e. 7u15 instead of 7u3). I won't upload this myself. IcedTea 7-2.3 uses two hotspot versions, one for the zero ports, one for the hotspot runtimes. From my point of view it would be good to update to a 7-2.[45] with a unified hotspot version capable to build both zero and hotspot, and keep the current 7-2.1.x for now. Matthias -- To UNSUBSCRIBE, email to debian-java-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/51362171.6060...@ubuntu.com