LTS for public releases
sritter at azul.com
Sat Nov 11 14:55:41 UTC 2017
I feel compelled to join this discussion...
> Date: Fri, 10 Nov 2017 20:16:52 +0000
> From: Stephen Colebourne<scolebourne at joda.org>
> To:jdk-dev at openjdk.java.net
> Subject: Re: LTS for public releases
> <CACzrW9Ad0PNkq-gzhunbjVE734pjXw=avT=FCGwA5gLe6N3TZg at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
> On 9 November 2017 at 16:34, Andrew Haley<aph at redhat.com> wrote:
>> I'm finding it very hard to understand what you're complaining about.
>> Look at the history: JDK 6 support has been extended by the community,
>> led first by me and then by Andrew Byrgin at Azul. This was long
>> beyond Oracle's EOL five years ago. This shows that the OpenJDK
>> community has a solid track record of supporting old releases. Why
>> would the LTS releases be any different? As long as people need the
>> JDKs (and perhaps for longer!) they are available.
> As far as I can tell, I can't get a pre-built binary of JDK 6 or JDK 7
> from Red Hat without paying. I imagine the same will apply for JDK 8
> when that ends public updates. And OpenJDK hasn't been doing binaries
> until very recently so that isn't helpful for judging what will happen
> going forward.
Herein lies the crux of the problem. Sun and subsequently Oracle have
always provided the latest release of the JDK and JRE without charge for
"general purpose computing" i.e., desktops and servers. Sun introduced
the field-of-use restriction to protect the only area of Java that they
ever made any money from: embedded and mobile. With the recent
announcement of GPLv2 binaries, even that has, in effect, gone away.
What I can't understand is why you would think that Oracle has a duty to
provide free public updates for older versions of the platform
indefinitely? You can't get a pre-built binary of JDK 6 with the latest
patches, sure. However, JDK 6 is very nearly eleven years old and three
full versions behind the current release. It just doesn't make
commercial sense to have engineers building binaries like this and doing
it for free. If you want support for an ancient version like this, I'm
sorry, you have to pay for it. Otherwise, build the binary yourself
(Azul backport the security fixes and upstream them to the OpenJDK6
project). That way you only have to pay with your time.
OpenJDK is free and open source, but that's free-as-in-speech, not
> Up until today there have been 28 public update releases of Oracle JDK 8:
> These are simple upgrades that generally require no developer work to
> upgrade to. Any serious company should use these to ensure they are
> security-patch safe. They have all been made available for $free.
> Looking to the future, and based on promises to date, the world looks
> very different. LTS from Oracle is almost certainly paid for. The
> equivalent from Red Hat or Azul is also likely to be paid for. Thus
> there appears to be no future official LTS release, with binaries,
> publicly available, for $free.
> The impact, based on current published dates, is that every
> security-conscious user of Java who does not pay, would have to join
> the ongoing train of releases. They would have to change feature
> version every 6 months, because those will be the only official
> security-safe binaries. For the less security-conscious, they'll just
> stick on 8 or 9 and get far fewer security updates than before -
> surely a step backward for Java as a platform.
> Ultimately, these are the criteria I believe are needed for a successful LTS:
> - a $free pre-built downloadable binary
> - pre-built for multi-platforms
> - from a single official location (eg. OpenJDK or Oracle)
> - $free security-patch updates every 3 months or so until at least one
> year after the GA of the next LTS
> I've yet to see Oracle or anyone else commit to these LTS criteria.
> But I'm happy to be proved wrong.
More information about the jdk-dev