[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-devel-list
Subject:    Re: F37 proposal: Build all JDKs in Fedora against in-tree libraries and with static stdc++lib (Syst
From:       Peter Boy <pboy () uni-bremen ! de>
Date:       2022-05-27 16:36:27
Message-ID: CBF20397-4846-4128-8AE0-2FE2828EBF3E () uni-bremen ! de
[Download RAW message or body]



> Am 27.05.2022 um 17:37 schrieb Vitaly Zaitsev via devel \
> <devel@lists.fedoraproject.org>: 
> On 27/05/2022 15:30, Peter Boy wrote:
> > Really sorry, but such a statement is simply intellectual bullshit. \
> > Unfortunately, it is not possible to formulate this in a more friendly yet \
> > unambiguous way. And in this thread in particular, the many allegations, \
> > unclouded by any expertise but made all the more decisively, are simply annoying \
> > - and a huge waste of everyone's time in the long run.
> 
> But it's true.
> 
> One of my packages had a bundled library with 6 critical vulnerabilities (outdated \
> for 5 years). The upstream developers said they didn't care because they needed \
> their app to run under Ubuntu 12.04 LTS. Fixed it manually by switching to the \
> packaged version. 
> Another package had bundled OpenSSL, which was 3 years out of date.

Yes, but your examples and experiences are not related to a lib bundled or not, but \
it is about the effort a maintainer puts in their package. We had also (unbundled) \
libs, which were outdated and we had to wait a long time until a vulnerability was \
fixed.

And given the high quality of our openjdk packages and given experiences of the last \
nearly 2 decades with the regularity of updates, I'm sure we get an openjdk update as \
soon as an issue with one of the bundled libs arises. 


And as an afterthought:
Sorry for the wording. I was (and I am) seriously annoyed by this thread (and some \
others of that kind). 

We have had such excellent Java JDKs for years and right now in the last 4 major JDK \
versions in parallel, that is just great!  It is allowing any developer to test their \
software in a comprehensive and enterprise ready manner. 

This deserves unrestricted respect and not this nagging about problems that are \
claimed but do not exist. If someone is not so well versed in Java universe, no \
problem. Everyone is welcome to ask questions, but not to throw any wild assertions \
into the room. 


Thanks
Peter



--
Peter Boy
https://fedoraproject.org/wiki/User:Pboy
pboy@fedoraproject.org

Timezone: CET (UTC+1) / CEST (UTC+2)


Fedora Server Edition Working Group member
Fedora docs team contributor
Java developer and enthusiast


_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
 Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure


[prev in list] [next in list] [prev in thread] [next in thread]