LTS for public releases

Andrew Haley aph at redhat.com
Fri Nov 10 21:35:08 UTC 2017 

On 10/11/17 20:16, Stephen Colebourne wrote:
> On 9 November 2017 at 16:34, Andrew Haley <aph at redhat.com> wrote:
>> I'm finding it very hard to understand what you're complaining about.
>> Look at the history: JDK 6 support has been extended by the community,
>> led first by me and then by Andrew Byrgin at Azul.  This was long
>> beyond Oracle's EOL five years ago.  This shows that the OpenJDK
>> community has a solid track record of supporting old releases.  Why
>> would the LTS releases be any different?  As long as people need the
>> JDKs (and perhaps for longer!)  they are available.
> 
> As far as I can tell, I can't get a pre-built binary of JDK 6 or JDK 7
> from Red Hat without paying.

You can get Linux binaries, kinda sorta, from fedoraproject.org and
CentOS.  Properly tested and TCK'd.  We've been doing it a long while.
I suppose you could complain that it's not "official" Red Hat, but
that's more of a theoretical problem than a practical one.

> I imagine the same will apply for JDK 8 when that ends public
> updates.  And OpenJDK hasn't been doing binaries until very recently
> so that isn't helpful for judging what will happen going forward.
>
> Up until today there have been 28 public update releases of Oracle JDK 8:
>  http://www.oracle.com/technetwork/java/javase/8u-relnotes-2225394.html
> These are simple upgrades that generally require no developer work to
> upgrade to. Any serious company should use these to ensure they are
> security-patch safe. They have all been made available for $free.
> 
> Looking to the future, and based on promises to date, the world looks
> very different. LTS from Oracle is almost certainly paid for. The
> equivalent from Red Hat or Azul is also likely to be paid for. Thus
> there appears to be no future official LTS release, with binaries,
> publicly available, for $free.

Sure, pre-built binaries need to be made available.  We have been
talking with all of the major players including Oracle and Adopt
OpenJDK, to address this very issue.

> The impact, based on current published dates, is that every
> security-conscious user of Java who does not pay, would have to join
> the ongoing train of releases.

I hope not.  I don't believe that would be practical.

> Ultimately, these are the criteria I believe are needed for a successful LTS:
> - a $free pre-built downloadable binary
> - pre-built for multi-platforms
> - from a single official location (eg. OpenJDK or Oracle)
> - $free security-patch updates every 3 months or so until at least one
> year after the GA of the next LTS
> 
> I've yet to see Oracle or anyone else commit to these LTS criteria.
> But I'm happy to be proved wrong.

We're still talking about it.  Of course, if you have no contract
no-one is obliged to give you anything, but we don't want confidence
in Java to falter.  If you're going to insist that Oracle is the only
One True Source of Java there's nothing I can do to help, but then
you wouldn't be talking on this list, which is for OpenJDK.

-- 
Andrew Haley
Java Platform Lead Engineer
Red Hat UK Ltd. <https://www.redhat.com>
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671

More information about the jdk-dev mailing list