LTS for public releases

Stephen Colebourne scolebourne at joda.org
Sun Nov 12 10:45:30 UTC 2017 

On 11 November 2017 at 14:55, Simon Ritter <sritter at azul.com> wrote:
> What I can't understand is why you would think that Oracle has a duty to
> provide free public updates for older versions of the platform indefinitely?

I haven't asked for that, nor would I.

I have asked that there be $free public security updates with
downloadable binaries of each LTS version until one year after the
next LTS. ie. Java 8 supported until one year after Java 11. Java 11
supported until one year after Java 17 (on current LTS plans). This is
pretty close to the model that Java has always had - a model that has
been vital to its success. I don't think this is an unreasonable
expectation of a platform used by 10+ million developers.

I would also prefer that there were also 3 public updates of non-LTS
releases like Java 9, 10 and 12, to allow a short migration period to
the next feature release for those on the constant upgrade train, as I
don't believe updating to the next version on the day of its release
is viable.

Stephen


> You can't get a pre-built binary of JDK 6 with the latest patches, sure.
> However, JDK 6 is very nearly eleven years old and three full versions
> behind the current release.  It just doesn't make commercial sense to have
> engineers building binaries like this and doing it for free.  If you want
> support for an ancient version like this, I'm sorry, you have to pay for it.
> Otherwise, build the binary yourself (Azul backport the security fixes and
> upstream them to the OpenJDK6 project).  That way you only have to pay with
> your time.
>
> OpenJDK is free and open source, but that's free-as-in-speech, not
> free-as-in-beer.
>>
>>
>> Up until today there have been 28 public update releases of Oracle JDK 8:
>>   http://www.oracle.com/technetwork/java/javase/8u-relnotes-2225394.html
>> These are simple upgrades that generally require no developer work to
>> upgrade to. Any serious company should use these to ensure they are
>> security-patch safe. They have all been made available for $free.
>>
>> Looking to the future, and based on promises to date, the world looks
>> very different. LTS from Oracle is almost certainly paid for. The
>> equivalent from Red Hat or Azul is also likely to be paid for. Thus
>> there appears to be no future official LTS release, with binaries,
>> publicly available, for $free.
>>
>> The impact, based on current published dates, is that every
>> security-conscious user of Java who does not pay, would have to join
>> the ongoing train of releases. They would have to change feature
>> version every 6 months, because those will be the only official
>> security-safe binaries. For the less security-conscious, they'll just
>> stick on 8 or 9 and get far fewer security updates than before -
>> surely a step backward for Java as a platform.
>>
>> Ultimately, these are the criteria I believe are needed for a successful
>> LTS:
>> - a $free pre-built downloadable binary
>> - pre-built for multi-platforms
>> - from a single official location (eg. OpenJDK or Oracle)
>> - $free security-patch updates every 3 months or so until at least one
>> year after the GA of the next LTS
>>
>> I've yet to see Oracle or anyone else commit to these LTS criteria.
>> But I'm happy to be proved wrong.
>>
>> Stephen

More information about the jdk-dev mailing list