On Thu, 12 Jan 2012 21:50:15 +0100, Mark Fortner <phidia...@gmail.com>
wrote:
Java can be configured to automatically update on Windows:
http://java.com/en/download/help/java_update.xml. On Linux and OS X, the
package manager, and Mac Update mechanism usually takes care of that for
you.
The only embarrassing moment in my career happened at the times of Java
1.3 (don't remember precisely). The day before the official acceptance
tests everything was fine. The day of the official acceptance tests, in
presence of a big boss of the customer, everything failed. I don't recall
precisely the details (it should be stuff circa 2000/2001), but our Java
Web Start got an update when running the acceptance tests and got a change
in the management of digital certificates. Before the update, the JRE was
able to access the certstore of Internet Explorer. After the update it
wasn't. We were using a customer self-signed certificate that the official
procedure presumed was loaded by first connecting to the website home
page, then it would have been available to the Java applet that was going
to run. Without the certificate, the applet was completely broken.
The incident was understood a few hours later and caused no big
consequences, because the customers' technicians understood what happened.
But, you know, a failure, even temporary, in face of a non technical boss
*may* have bad consequences even after a clarification.
So, for an industrial environment, auto-update for me is a big NO. In the
sense that I must be able to control it: I will always explicitly put a
dependency on a specific Java version. We can say that auto update may
even occur, but not replacing the older version, and the newer won't be
used until somebody first tests everything in a pre-production environment
and then gives green light for production.
For end users, it makes probably sense because they are not technical,
lazy and wouldn't run the update manually, thus exposing to potential
security flaws. But for sure an automatic update, sooner or later, is
going to break some piece of software. Probably in most cases it's a minor
damage than a security breach.
Short story: ok to automatic updates, but there must be a switch. I
personally would always switch it off, even for personal use.
--
Fabrizio Giudici - Java Architect, Project Manager
Tidalwave s.a.s. - "We make Java work. Everywhere."
fabrizio.giud...@tidalwave.it
http://tidalwave.it - http://fabriziogiudici.it
--
You received this message because you are subscribed to the Google Groups "The Java
Posse" group.
To post to this group, send email to javaposse@googlegroups.com.
To unsubscribe from this group, send email to
javaposse+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/javaposse?hl=en.
