Re: Call for tests: Making OpenJDK 7 the default in Wheezy LTS
On 2016-05-17 12:31:27, Markus Koschany wrote: > [dropping Rene from CC because he is subscribed to debian-java] > > Am 17.05.2016 um 17:56 schrieb Antoine Beaupré: >> On 2016-04-25 06:34:53, Markus Koschany wrote: > [...] >>> We don't intend to remove OpenJDK 6 but it will receive no further >>> security updates. >> >> .. starting from june? > > Starting from the start of the LTS cycle. > > https://anonscm.debian.org/cgit/collab-maint/debian-security-support.git/tree/security-support-ended.deb7 Oh. I missed that completely somehow. Darn it, sorry for the noise. >> Because there *are* issues on OpenJDK-6 *now*: should they be triaged >> out of there, or will they actually be fixed in an gigantic upload at >> the end of the day? >> >> https://security-tracker.debian.org/tracker/source-package/openjdk-6 >> >> a, which his frontdesk hat. > > No, the whole point of making OpenJDK 7 the default implementation is > that we can drop the support for OpenJDK 6. Even upstream (Red Hat) > recommends to use OpenJDK 7 for long term use now. I have done > everything possible to make users aware of the change. At the moment we > are in a grace period because we don't want to surprise admins who, for > instance, run Tomcat or Jetty. But by now they should know that OpenJDK > 6 is unsupported and that we strongly recommend to switch to OpenJDK 7. > On 26 June we simply complete this process by making OpenJDK 7 the default. Of course, that makes sense. I'll just mark those issues as EOL then. Thanks for the clarification! A. -- One has a moral responsibility to disobey unjust laws. - Martin Luther King, Jr.
Re: Call for tests: Making OpenJDK 7 the default in Wheezy LTS
[dropping Rene from CC because he is subscribed to debian-java] Am 17.05.2016 um 17:56 schrieb Antoine Beaupré: > On 2016-04-25 06:34:53, Markus Koschany wrote: [...] >> We don't intend to remove OpenJDK 6 but it will receive no further >> security updates. > > .. starting from june? Starting from the start of the LTS cycle. https://anonscm.debian.org/cgit/collab-maint/debian-security-support.git/tree/security-support-ended.deb7 > > Because there *are* issues on OpenJDK-6 *now*: should they be triaged > out of there, or will they actually be fixed in an gigantic upload at > the end of the day? > > https://security-tracker.debian.org/tracker/source-package/openjdk-6 > > a, which his frontdesk hat. No, the whole point of making OpenJDK 7 the default implementation is that we can drop the support for OpenJDK 6. Even upstream (Red Hat) recommends to use OpenJDK 7 for long term use now. I have done everything possible to make users aware of the change. At the moment we are in a grace period because we don't want to surprise admins who, for instance, run Tomcat or Jetty. But by now they should know that OpenJDK 6 is unsupported and that we strongly recommend to switch to OpenJDK 7. On 26 June we simply complete this process by making OpenJDK 7 the default. Regards, Markus signature.asc Description: OpenPGP digital signature
Re: Call for tests: Making OpenJDK 7 the default in Wheezy LTS
On 2016-04-25 06:34:53, Markus Koschany wrote: > Am 25.04.2016 um 12:23 schrieb Rene Engelhard: >> Hi, >> >> On Mon, Apr 25, 2016 at 12:17:52PM +0200, Markus Koschany wrote: >>> we are mainly concerned about runtime issues with OpenJDK 7. Libreoffice >>> declares dependencies on default-jre | openjdk-7-jre, so I believe it >>> should be fine. I am aware of build failures with OpenJDK 7 and I think >>> that can't be avoided unless we want to redo the whole OpenJDK 7 >>> transition. [1] >>> >>> I think in those cases it is reasonable to recommend to manually change >>> build dependencies back to OpenJDK 6 because rebuilding a package does >> >> Only if it stays (unsupported) and it's not actually removed from the >> archive.. > > We don't intend to remove OpenJDK 6 but it will receive no further > security updates. .. starting from june? Because there *are* issues on OpenJDK-6 *now*: should they be triaged out of there, or will they actually be fixed in an gigantic upload at the end of the day? https://security-tracker.debian.org/tracker/source-package/openjdk-6 a, which his frontdesk hat. -- We will create a civilization of the Mind in Cyberspace. May it be more humane and fair than the world your governments have made before. - John Perry Barlow, 1996 A Declaration of Independence of Cyberspace
Re: Call for tests: Making OpenJDK 7 the default in Wheezy LTS
Hi, On Mon, Apr 25, 2016 at 12:34:53PM +0200, Markus Koschany wrote: > Am 25.04.2016 um 12:23 schrieb Rene Engelhard: > > On Mon, Apr 25, 2016 at 12:17:52PM +0200, Markus Koschany wrote: > >> we are mainly concerned about runtime issues with OpenJDK 7. Libreoffice > >> declares dependencies on default-jre | openjdk-7-jre, so I believe it > >> should be fine. I am aware of build failures with OpenJDK 7 and I think > >> that can't be avoided unless we want to redo the whole OpenJDK 7 > >> transition. [1] > >> > >> I think in those cases it is reasonable to recommend to manually change > >> build dependencies back to OpenJDK 6 because rebuilding a package does > > > > Only if it stays (unsupported) and it's not actually removed from the > > archive.. > > We don't intend to remove OpenJDK 6 but it will receive no further > security updates. OK, then nevermind. Regards, Rene
Re: Call for tests: Making OpenJDK 7 the default in Wheezy LTS
Am 25.04.2016 um 12:23 schrieb Rene Engelhard: > Hi, > > On Mon, Apr 25, 2016 at 12:17:52PM +0200, Markus Koschany wrote: >> we are mainly concerned about runtime issues with OpenJDK 7. Libreoffice >> declares dependencies on default-jre | openjdk-7-jre, so I believe it >> should be fine. I am aware of build failures with OpenJDK 7 and I think >> that can't be avoided unless we want to redo the whole OpenJDK 7 >> transition. [1] >> >> I think in those cases it is reasonable to recommend to manually change >> build dependencies back to OpenJDK 6 because rebuilding a package does > > Only if it stays (unsupported) and it's not actually removed from the > archive.. We don't intend to remove OpenJDK 6 but it will receive no further security updates. >> not pose a security risk and should never happen on production systems >> anyway. I will update https://wiki.debian.org/LTS/Wheezy and add an >> example today. > > You miss the case where you want (as it's LTS) provide security updates. So > it needs to be buildable. Or you declare all Java-using things unsupported > in wheezy-LTS. If a Java package needs a security update, we will ensure that it will be fixed in a timely manner which includes fixing possible build failures. All Java packages are supported. Regards, Markus signature.asc Description: OpenPGP digital signature
Re: Call for tests: Making OpenJDK 7 the default in Wheezy LTS
Hi, On Mon, Apr 25, 2016 at 12:17:52PM +0200, Markus Koschany wrote: > we are mainly concerned about runtime issues with OpenJDK 7. Libreoffice > declares dependencies on default-jre | openjdk-7-jre, so I believe it > should be fine. I am aware of build failures with OpenJDK 7 and I think > that can't be avoided unless we want to redo the whole OpenJDK 7 > transition. [1] > > I think in those cases it is reasonable to recommend to manually change > build dependencies back to OpenJDK 6 because rebuilding a package does Only if it stays (unsupported) and it's not actually removed from the archive.. > not pose a security risk and should never happen on production systems > anyway. I will update https://wiki.debian.org/LTS/Wheezy and add an > example today. You miss the case where you want (as it's LTS) provide security updates. So it needs to be buildable. Or you declare all Java-using things unsupported in wheezy-LTS. Regards, Rene
Re: Call for tests: Making OpenJDK 7 the default in Wheezy LTS
Am 25.04.2016 um 11:41 schrieb Rene Engelhard: > Hi, > > On Wed, Apr 20, 2016 at 06:22:51PM +0200, Markus Koschany wrote: >> I would like to ask everyone who uses Java in server or desktop >> environments to test their applications with OpenJDK 7 and to prepare >> for the switch. This can be achieved by installing either openjdk-7-jre >> or openjdk-7-jre-headless. In case OpenJDK 6 is already installed on > > Not everywhere. If your package expects a JDK path set and that is set to > 6 in debian/rules (if you're not using the default) you need source changes. > > As for - you guess it - LO in the old times back then. 6 is hardcoded in > rules (and for the build-dep in control). > > Running a testbuild with 7 now, but LO would need a full upload :/ Hi Rene, we are mainly concerned about runtime issues with OpenJDK 7. Libreoffice declares dependencies on default-jre | openjdk-7-jre, so I believe it should be fine. I am aware of build failures with OpenJDK 7 and I think that can't be avoided unless we want to redo the whole OpenJDK 7 transition. [1] I think in those cases it is reasonable to recommend to manually change build dependencies back to OpenJDK 6 because rebuilding a package does not pose a security risk and should never happen on production systems anyway. I will update https://wiki.debian.org/LTS/Wheezy and add an example today. Regards, Markus [1] https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=openjdk-7-transition;users=ubuntu-de...@lists.ubuntu.com signature.asc Description: OpenPGP digital signature
Re: Call for tests: Making OpenJDK 7 the default in Wheezy LTS
Hi, On Wed, Apr 20, 2016 at 06:22:51PM +0200, Markus Koschany wrote: > I would like to ask everyone who uses Java in server or desktop > environments to test their applications with OpenJDK 7 and to prepare > for the switch. This can be achieved by installing either openjdk-7-jre > or openjdk-7-jre-headless. In case OpenJDK 6 is already installed on Not everywhere. If your package expects a JDK path set and that is set to 6 in debian/rules (if you're not using the default) you need source changes. As for - you guess it - LO in the old times back then. 6 is hardcoded in rules (and for the build-dep in control). Running a testbuild with 7 now, but LO would need a full upload :/ Regards, Rene
Call for tests: Making OpenJDK 7 the default in Wheezy LTS
Hi all, as you may already be aware, the intention is to make OpenJDK 7 the default Java implementation in Wheezy LTS to ensure full security support until 31 May 2018. The switch will happen on 26 June 2016. I would like to ask everyone who uses Java in server or desktop environments to test their applications with OpenJDK 7 and to prepare for the switch. This can be achieved by installing either openjdk-7-jre or openjdk-7-jre-headless. In case OpenJDK 6 is already installed on your system, you can switch to OpenJDK 7 by using the update-alternatives mechanism: sudo update-alternatives --config java On 26 June default-jre, default-jre-headless and default-jdk will no longer point to OpenJDK 6 but to OpenJDK 7 instead. This will be achieved by updating the java-common package. I have prepared updated packages of java-common for testing that can be downloaded from: https://people.debian.org/~apo/wheezy-lts/ Important note for users of Tomcat and Jetty: We strongly recommend to change the JAVA_HOME variable in /etc/default/tomcat7 and /etc/default/jetty to JAVA_HOME=/usr/lib/jvm/openjdk-7-jdk and to replace OpenJDK 6 with OpenJDK 7 at your earliest convenience. Regards, Markus signature.asc Description: OpenPGP digital signature
Re: Making OpenJDK 7 the default in Wheezy-LTS
Am 29.03.2016 um 12:58 schrieb Andrew Haley: > On 24/03/16 19:03, Markus Koschany wrote: >> Wheezy-LTS is going to start next month and there is the intention to >> switch the default-jre|jdk from OpenJDK 6 to OpenJDK 7 because the >> latter can be supported until Wheezy reaches EOL in 2018-05-31. > > Yes! Good call. > > While we are still supporting OpenJDK 6 and making security releases, > it is always the last in the queue when there is urgent work to be > done, and for this reason may be subject to delays. > > Andrew. > > (OpenJDK 6 project lead.) Thanks for all your work on supporting older OpenJDK releases. We all very much appreciate that. Regards, Markus signature.asc Description: OpenPGP digital signature
Re: Making OpenJDK 7 the default in Wheezy-LTS
Am 29.03.2016 um 09:00 schrieb Emmanuel Bourg: > Le 28/03/2016 18:05, Markus Koschany a écrit : > >> Emmanuel, could you outline again what needs to be done to address your >> concerns? As far as dependencies goes this looks sane to me. > > The issue is the init script of Tomcat [1], it uses > /usr/lib/jvm/default-java first if available. The same goes for Jetty. > > Switching the default JRE will affect any application using > /usr/lib/jvm/default-java directly instead of /usr/bin/java. Also if I'm > not mistaken openjdk-6 could get autoremoved by APT and the alternative > then switched to openjdk-7. It seems you picked Tomcat 7 in Jessie but nevermind, although the version in Wheezy [2] looks different it would use default-java as JAVA_HOME too. I don't know why we wrote the find_openjdks() function in the first place.. The admin could also override the init script with /etc/default/tomcat7. I think this case highlights the importance of supporting one and only one Java runtime per release, if we don't want to invest a lot of time in fixing those corner cases. I think we could upload new packages of Tomcat and Jetty that warn the users about the upcoming switch to OpenJDK 7 and recommend to explicitly set JAVA_HOME in /etc/default/tomcat7. I will also document this on https://wiki.debian.org/LTS/Wheezy. I'm not sure about the autoremoval of OpenJDK 6. On my Wheezy system nothing got removed and I had to use update-alternatives manually. > So my suggestion would be to push an update of java-common first with a > NEWS file stating that we'll stop maintaining openjdk-6 in months > and switch the default JRE. This will let enough time to the LTS users > to anticipate the change. I like this suggestion. I will also add NEWS files to Tomcat and Jetty when Wheezy-LTS starts. My current plan is to change default-java two months later. Cheers, Markus > > Emmanuel Bourg > > [1] https://sources.debian.net/src/tomcat7/7.0.56-3/debian/tomcat7.init/#L56 > [2] https://sources.debian.net/src/tomcat7/7.0.28-4%2Bdeb7u2/debian/tomcat7.init/ signature.asc Description: OpenPGP digital signature
Re: Making OpenJDK 7 the default in Wheezy-LTS
On 24/03/16 19:03, Markus Koschany wrote: > Wheezy-LTS is going to start next month and there is the intention to > switch the default-jre|jdk from OpenJDK 6 to OpenJDK 7 because the > latter can be supported until Wheezy reaches EOL in 2018-05-31. Yes! Good call. While we are still supporting OpenJDK 6 and making security releases, it is always the last in the queue when there is urgent work to be done, and for this reason may be subject to delays. Andrew. (OpenJDK 6 project lead.) signature.asc Description: OpenPGP digital signature
Re: Making OpenJDK 7 the default in Wheezy-LTS
Le 28/03/2016 18:05, Markus Koschany a écrit : > Emmanuel, could you outline again what needs to be done to address your > concerns? As far as dependencies goes this looks sane to me. The issue is the init script of Tomcat [1], it uses /usr/lib/jvm/default-java first if available. The same goes for Jetty. Switching the default JRE will affect any application using /usr/lib/jvm/default-java directly instead of /usr/bin/java. Also if I'm not mistaken openjdk-6 could get autoremoved by APT and the alternative then switched to openjdk-7. So my suggestion would be to push an update of java-common first with a NEWS file stating that we'll stop maintaining openjdk-6 in months and switch the default JRE. This will let enough time to the LTS users to anticipate the change. Emmanuel Bourg [1] https://sources.debian.net/src/tomcat7/7.0.56-3/debian/tomcat7.init/#L56
Re: Making OpenJDK 7 the default in Wheezy-LTS
Hi tony, Am 26.03.2016 um 18:05 schrieb tony mancill: > Hello Markus, > > On 03/24/2016 12:03 PM, Markus Koschany wrote: [...] >> Is there a way to change the preferred Java environment to OpenJDK 7 >> with update-alternatives, assumed OpenJDK 6 was installed before? Is >> this a good idea or should we just warn users about the fact that they >> use an unsupported Java version on their system and recommend to do the >> switch manually? > > Since things could potentially break, or the user might have already > performed some custom configuration, I think warning the user via a new > NEWS entry (see [1]) in java-common is appropriate. Then the user can > take the necessary/desired action. That's a good suggestion. I think a forced change to OpenJDK 7 is out of the question. After the default has been switched to OpenJDK 7, manual interaction will be required by the users with update-alternatives. That should raise their awareness for the change and give them the freedom to switch when they feel comfortable with it. We will also announce those changes via the debian-security-announce and debian-lts-announce mailing lists which will contain links to https://wiki.debian.org/LTS/Wheezy This site will document all important issues to be aware of for Wheezy LTS. There will also be another NEWS on debian.org too. >> Otherwise I have identified four packages that strictly depend on >> openjdk-6-jdk and fourteen packages that depend on openjdk-6-jre without >> a good alternative. My intention is to switch the dependencies to >> something like default-jre | java6-runtime or default-jdk | java6-sdk. >> The change is trivial, I was just wondering why so many packages were in >> this state back then. > > I recall there being some confusion (perhaps also perpetrated or > propagated by me) as to the Right Way of specifying a java runtime > dependency. We could (and probably should) add a lintian warning about > such strict dependencies. > >> Any suggestions what should be avoided or done when switching the >> default to OpenJDK 7 in Wheezy? > > I believe you are forging a new trail here. Thank you for investing in > LTS support. I got some feedback from Emmanuel on IRC and he voiced some concerns about the switch to OpenJDK 7 because web applications might behave differently. This site lists all those possible compatibility issues. [1] This is mainly an issue with web servers like Tomcat. However after checking the dependencies again, it appears that Tomcat 6 / 7 already depend on default-jre-headless | java6-runtime-headless. Even if we switched the default to OpenJDK 7, the dependencies would be satisfied and OpenJDK 7 would not be pulled in except if specifically requested. Emmanuel, could you outline again what needs to be done to address your concerns? As far as dependencies goes this looks sane to me. Regards, Markus [1] http://www.oracle.com/technetwork/java/javase/compatibility-417013.html signature.asc Description: OpenPGP digital signature
Re: Making OpenJDK 7 the default in Wheezy-LTS
Hello Markus, On 03/24/2016 12:03 PM, Markus Koschany wrote: > Hi all, > > Wheezy-LTS is going to start next month and there is the intention to > switch the default-jre|jdk from OpenJDK 6 to OpenJDK 7 because the > latter can be supported until Wheezy reaches EOL in 2018-05-31. > > I've pushed a new branch wheezy-lts to java-common with the necessary > changes in debian/rules. > > https://anonscm.debian.org/cgit/pkg-java/java-common.git/tree/debian/rules?h=wheezy-lts > > Can someone confirm that this is really sufficient to switch the default > to OpenJDK 7? > > Is there a way to change the preferred Java environment to OpenJDK 7 > with update-alternatives, assumed OpenJDK 6 was installed before? Is > this a good idea or should we just warn users about the fact that they > use an unsupported Java version on their system and recommend to do the > switch manually? Since things could potentially break, or the user might have already performed some custom configuration, I think warning the user via a new NEWS entry (see [1]) in java-common is appropriate. Then the user can take the necessary/desired action. > Otherwise I have identified four packages that strictly depend on > openjdk-6-jdk and fourteen packages that depend on openjdk-6-jre without > a good alternative. My intention is to switch the dependencies to > something like default-jre | java6-runtime or default-jdk | java6-sdk. > The change is trivial, I was just wondering why so many packages were in > this state back then. I recall there being some confusion (perhaps also perpetrated or propagated by me) as to the Right Way of specifying a java runtime dependency. We could (and probably should) add a lintian warning about such strict dependencies. > Any suggestions what should be avoided or done when switching the > default to OpenJDK 7 in Wheezy? I believe you are forging a new trail here. Thank you for investing in LTS support. Cheers, tony [1] https://www.debian.org/doc/manuals/developers-reference/best-pkging-practices.html#bpp-news-debian signature.asc Description: OpenPGP digital signature
Making OpenJDK 7 the default in Wheezy-LTS
Hi all, Wheezy-LTS is going to start next month and there is the intention to switch the default-jre|jdk from OpenJDK 6 to OpenJDK 7 because the latter can be supported until Wheezy reaches EOL in 2018-05-31. I've pushed a new branch wheezy-lts to java-common with the necessary changes in debian/rules. https://anonscm.debian.org/cgit/pkg-java/java-common.git/tree/debian/rules?h=wheezy-lts Can someone confirm that this is really sufficient to switch the default to OpenJDK 7? Is there a way to change the preferred Java environment to OpenJDK 7 with update-alternatives, assumed OpenJDK 6 was installed before? Is this a good idea or should we just warn users about the fact that they use an unsupported Java version on their system and recommend to do the switch manually? Otherwise I have identified four packages that strictly depend on openjdk-6-jdk and fourteen packages that depend on openjdk-6-jre without a good alternative. My intention is to switch the dependencies to something like default-jre | java6-runtime or default-jdk | java6-sdk. The change is trivial, I was just wondering why so many packages were in this state back then. Any suggestions what should be avoided or done when switching the default to OpenJDK 7 in Wheezy? Thanks, Markus signature.asc Description: OpenPGP digital signature
