[Mageia-dev] Removal of sun java

Thu Mar 29 23:06:54 CEST 2012

Am 29.03.2012 22:23, schrieb Maarten Vanraes:
+> Op donderdag 29 maart 2012 21:08:22 schreef David Walser:
+>> Guillaume Rousse <guillomovitch at ...> writes:
+>>> If I want to keep a proprietary JRE on my computers, because I trust it
+>>> more to run crap proprietary applications (also called
+>>> corporate-compliants), than marvelous free-licensed environment they
+>>> have never been tested with, that is my choice, not yours.
+So you say that you really want to keep an outdated
+package with many security holes, which even the
+infamous Zeus bot is said to exploit?
+
+Sure, that's your choice and you're free to do this,
+but we can't keep our users susceptible to such
+problems.
+>> If they really want to keep Sun Java, shouldn't they just download the
+>> installer from Sun and install it themselves, rather than using some
+>> obsolete Mageia 1 package of it?
+>
+> well, iinm the version that the people have, will still have the correct 
+> license and we are able to distribute it fine.
+>
+> i would argue that if security bugs we could remove it, but i'm not too sure 
+> on this point... i mean, can we really remove it from them? otoh, people 
+> wanting to have the proprietary ones, likely know what they are doing...
+>
+> perhaps we can obsolete it with one of those nonfree getters? (if security 
+> bug)
+>
+> or, maybe a package that gives an README.urpmi ...
+>
+> IMHO: i think obsoleting it is fine, but with a README.urpmi that says notifies 
+> that it's been obsoleted.
+That was the proposal, and that's what Ubuntu has done,
+IIRC, they blanked the existing packages and notified
+people, that they should either use OpenJDK or manually
+get Java from Oracle.
+>
+> (unless someone wants to have and maintain a nonfree getter application that 
+> fetches the upstream releases)
+>
+> we really shouldn't keep stuff we can't maintain...
+>
+
+