LTS for public releases
scolebourne at joda.org
Fri Nov 10 20:16:52 UTC 2017
On 9 November 2017 at 16:34, Andrew Haley <aph at redhat.com> wrote:
> I'm finding it very hard to understand what you're complaining about.
> Look at the history: JDK 6 support has been extended by the community,
> led first by me and then by Andrew Byrgin at Azul. This was long
> beyond Oracle's EOL five years ago. This shows that the OpenJDK
> community has a solid track record of supporting old releases. Why
> would the LTS releases be any different? As long as people need the
> JDKs (and perhaps for longer!) they are available.
As far as I can tell, I can't get a pre-built binary of JDK 6 or JDK 7
from Red Hat without paying. I imagine the same will apply for JDK 8
when that ends public updates. And OpenJDK hasn't been doing binaries
until very recently so that isn't helpful for judging what will happen
Up until today there have been 28 public update releases of Oracle JDK 8:
These are simple upgrades that generally require no developer work to
upgrade to. Any serious company should use these to ensure they are
security-patch safe. They have all been made available for $free.
Looking to the future, and based on promises to date, the world looks
very different. LTS from Oracle is almost certainly paid for. The
equivalent from Red Hat or Azul is also likely to be paid for. Thus
there appears to be no future official LTS release, with binaries,
publicly available, for $free.
The impact, based on current published dates, is that every
security-conscious user of Java who does not pay, would have to join
the ongoing train of releases. They would have to change feature
version every 6 months, because those will be the only official
security-safe binaries. For the less security-conscious, they'll just
stick on 8 or 9 and get far fewer security updates than before -
surely a step backward for Java as a platform.
Ultimately, these are the criteria I believe are needed for a successful LTS:
- a $free pre-built downloadable binary
- pre-built for multi-platforms
- from a single official location (eg. OpenJDK or Oracle)
- $free security-patch updates every 3 months or so until at least one
year after the GA of the next LTS
I've yet to see Oracle or anyone else commit to these LTS criteria.
But I'm happy to be proved wrong.
More information about the jdk-dev