From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2012-March/013719.html | 128 ++++++++++++++++++++++++++++++ 1 file changed, 128 insertions(+) create mode 100644 zarb-ml/mageia-dev/2012-March/013719.html (limited to 'zarb-ml/mageia-dev/2012-March/013719.html') diff --git a/zarb-ml/mageia-dev/2012-March/013719.html b/zarb-ml/mageia-dev/2012-March/013719.html new file mode 100644 index 000000000..996fdc09b --- /dev/null +++ b/zarb-ml/mageia-dev/2012-March/013719.html @@ -0,0 +1,128 @@ + + + + [Mageia-dev] Removal of sun java + + + + + + + + + +

[Mageia-dev] Removal of sun java

+ Christian Lohmaier + lohmaier+mageia at googlemail.com +
+ Fri Mar 30 13:34:23 CEST 2012 +

+
+ +
Hi *,
+
+On Fri, Mar 30, 2012 at 9:52 AM, Guillaume Rousse
+<guillomovitch at gmail.com> wrote:
+> [...]
+> You're not a system administrator, whose duty is to take this kind of
+> decision, you are a technical solution provider. You're clearly confusing
+> the roles here.
+
+I don't get your problem really. Of course Mageia will only replace
+the mageia packaged version of Sun's java, not a version you obtained
+from Oracle.
+
+So while the user who has a security-flawed version of mageia's
+sun-java installed will have it scheduled for an update and replaced
+by OpenJDK, that user
+a) is not forced to do the update
+b) can just install a fixed version of Java from Oracle instead
+c) update and not care that much (>90% of the user base)
+
+> But automatically removing software
+> for security concerns, without asking for user consent,
+
+You are asked for confirmation when installing updates - you get
+notification that there are updates, and then have the choice to
+accept them or decline them.
+
+And there is a possiblilty to flag packages as "don't update those"
+via configuration files.
+
+> would be a first
+> step into transfering decision power from user to operating system vendor.
+> Trusted computing approach, in other terms.
+
+This is a weak argument really, as there were always security updates.
+Those as well were telling the user to update, and not wait until
+$system-admin decided it is time to check for vulnerabilities.
+There have been obsolete packages in the past as well, replacing
+unmaintained/outdated packages by better (for most) alternatives.
+
+This time it is just both at the same time.
+
+So if you want your outdated mageia-version of java, just tell urpmi
+to not touch it.
+
+But don't argue that the rest of the userbase should continue running
+a flawed version just because you have a special need. Users have a
+choice to unselect updates. If they don't read the update's
+description, it is their fault, not mageias.
+Users have the choice to specify packages that must never be removed
+in configuration files
+
+ciao
+Christian
+
+ + + + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1