LTS for public releases

[Martijn Verburg]

Hi Stephen,

It's our intention that the Adopt OpenJDK build farm will fill any gaps
that occur here.  Would be great if you and/or OpenGamma could help out
with time and / or donated machines!

Head on over to www.adoptopenjdk.net and you can join the mailing list and
slack from there.

Cheers,
Martijn

On 12 November 2017 at 10:45, Stephen Colebourne <scolebourne at joda.org>
wrote:

> On 11 November 2017 at 14:55, Simon Ritter <sritter at azul.com> wrote:
> > What I can't understand is why you would think that Oracle has a duty to
> > provide free public updates for older versions of the platform
> indefinitely?
>
> I haven't asked for that, nor would I.
>
> I have asked that there be $free public security updates with
> downloadable binaries of each LTS version until one year after the
> next LTS. ie. Java 8 supported until one year after Java 11. Java 11
> supported until one year after Java 17 (on current LTS plans). This is
> pretty close to the model that Java has always had - a model that has
> been vital to its success. I don't think this is an unreasonable
> expectation of a platform used by 10+ million developers.
>
> I would also prefer that there were also 3 public updates of non-LTS
> releases like Java 9, 10 and 12, to allow a short migration period to
> the next feature release for those on the constant upgrade train, as I
> don't believe updating to the next version on the day of its release
> is viable.
>
> Stephen
>
>
> > You can't get a pre-built binary of JDK 6 with the latest patches, sure.
> > However, JDK 6 is very nearly eleven years old and three full versions
> > behind the current release.  It just doesn't make commercial sense to
> have
> > engineers building binaries like this and doing it for free.  If you want
> > support for an ancient version like this, I'm sorry, you have to pay for
> it.
> > Otherwise, build the binary yourself (Azul backport the security fixes
> and
> > upstream them to the OpenJDK6 project).  That way you only have to pay
> with
> > your time.
> >
> > OpenJDK is free and open source, but that's free-as-in-speech, not
> > free-as-in-beer.
> >>
> >>
> >> Up until today there have been 28 public update releases of Oracle JDK
> 8:
> >>   http://www.oracle.com/technetwork/java/javase/8u-
> relnotes-2225394.html
> >> These are simple upgrades that generally require no developer work to
> >> upgrade to. Any serious company should use these to ensure they are
> >> security-patch safe. They have all been made available for $free.
> >>
> >> Looking to the future, and based on promises to date, the world looks
> >> very different. LTS from Oracle is almost certainly paid for. The
> >> equivalent from Red Hat or Azul is also likely to be paid for. Thus
> >> there appears to be no future official LTS release, with binaries,
> >> publicly available, for $free.
> >>
> >> The impact, based on current published dates, is that every
> >> security-conscious user of Java who does not pay, would have to join
> >> the ongoing train of releases. They would have to change feature
> >> version every 6 months, because those will be the only official
> >> security-safe binaries. For the less security-conscious, they'll just
> >> stick on 8 or 9 and get far fewer security updates than before -
> >> surely a step backward for Java as a platform.
> >>
> >> Ultimately, these are the criteria I believe are needed for a successful
> >> LTS:
> >> - a $free pre-built downloadable binary
> >> - pre-built for multi-platforms
> >> - from a single official location (eg. OpenJDK or Oracle)
> >> - $free security-patch updates every 3 months or so until at least one
> >> year after the GA of the next LTS
> >>
> >> I've yet to see Oracle or anyone else commit to these LTS criteria.
> >> But I'm happy to be proved wrong.
> >>
> >> Stephen
>