Re: [openj9-dev] Security Update Policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [openj9-dev] Security Update Policy

From: Duft Markus <Markus.Duft@xxxxxxxxxxxxxxxx>
Date: Wed, 25 Apr 2018 05:38:13 +0000
Accept-language: en-US, de-DE
Delivered-to: openj9-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/openj9-dev>
List-help: <mailto:openj9-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/openj9-dev>, <mailto:openj9-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/openj9-dev>, <mailto:openj9-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AdPbw7OR0/uWZkQHQHueMUNiT/KsnAAGWy4AAB566OA=
Thread-topic: [openj9-dev] Security Update Policy

Hey,

Thanks a lot for what you have information wise J

Of course for a company most interesting is the question: „If I put this thing into production in version X, how long will there be security/critical updates available (in a sufficiently short timeframe).“ This is something that needs an answer before making decisions. I understand that this is a little behind the horizon for you right now J

(From a management point of view, ) even an answer like: “it’s open source, go fix it yourself and we will happily accept security patches” would be kind of acceptable. Maybe not driving decision towards OpenJ9, but still acceptable :D

Cheers,

Markus

From: openj9-dev-bounces@xxxxxxxxxxx [mailto:openj9-dev-bounces@xxxxxxxxxxx] On Behalf Of Mark Stoodley
Sent: Tuesday, April 24, 2018 7:02 PM
To: openj9 developer discussions <openj9-dev@xxxxxxxxxxx>
Subject: Re: [openj9-dev] Security Update Policy

Hi Markus,

> Lately there has been a little re-shuffling in release cycles/security update policies on Java VMs JTrying to figure out a way forward and a VM to choose for the future, is there any information regarding OpenJ9’s security update policy, release cycles, etc.?

Short answer is that we're still putting together the full answer to your question, but there is some useful information presented as part of this discussion on our proposed support statements:
https://github.com/eclipse/openj9/issues/1616

You'll see there is a proposed release cadence for Eclipse OpenJ9 in a table in that issue that I'll summarize as "basically quarterly" and also aligning as much as we think possible with the expected activities at OpenJDK. Our nightly and release binaries are built at AdoptOpenJDK and you can read their statements here: https://adoptopenjdk.net/support.html.

I know it's not exactly what you're asking for but I tried to provide as many details as we currently have. If you have specific follow-on questions, feel free to ask here or on our slack channels and we can try to work through the gaps together as a group.

--mark

Follow-Ups:
- Re: [openj9-dev] Security Update Policy
  - From: Mark Stoodley

References:
- [openj9-dev] Security Update Policy
  - From: Duft Markus
- Re: [openj9-dev] Security Update Policy
  - From: Mark Stoodley

Prev by Date: Re: [openj9-dev] Security Update Policy
Next by Date: Re: [openj9-dev] Security Update Policy
Previous by thread: Re: [openj9-dev] Security Update Policy
Next by thread: Re: [openj9-dev] Security Update Policy
Index(es):
- Date
- Thread

Breadcrumbs