| Summary: | requesting jdk-8 support for arm | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | M. B. <tomboy64> |
| Component: | [OLD] Java | Assignee: | Java team <java> |
| Status: | RESOLVED OBSOLETE | ||
| Severity: | normal | CC: | tesoro302 |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | ARM | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
M. B.
2015-06-08 21:03:06 UTC
While I understand that there really is no alternative at the moment, I really wouldn't be comfortable with adding a known-vulnerable version to the tree. I hope icedtea won't be far too away. You're the only person calling for this, could you just modify the ebuild for your own needs? It already has the ARM stuff present. *** Bug 551664 has been marked as a duplicate of this bug. *** Actually that was the reason I filed this bug. I would advocate adding u33 as hardmasked, with just the arm keyword. So people can look up that it is vulnerable; maybe in the java-overlay? The alternative is someone blindly downloading it and stuffing the binary into the running system, without any control of the package manager. As the duplicate shows, I am not the only one looking for arm support with a jdk-8. Resolving http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2413 in pre04 should get us further with ARM on IcedTea 3.x. I'd rather we invested time there than supported a proprietary binary with known security issues. Some software purportedly only supports the Oracle bin and isn't compatible with OpenJDK. Do the vulnerabilities only pertain to running untrusted code? If so, it would be nice to be able to use it with a Java program you trust. obsolete now since icedtea-3.0.0 builds on arm since pre04-r1. |
