Java 7 for Mac OSX

[Phil Race]

On 2/21/2012 4:24 PM, Richard Bair wrote:
>
> For app deploy, security is a non issue, because a desktop app has no security manager and therefore can do anything the system allows, and cannot do anything the system forbids. So for app deploy it is a red herring.

True as far as it goes for pure client/desktop apps here where that 
security is a non-concern
means more that since the end-user already trusted the app to install 
and be granted
privileges akin to native code, so that upgrading to fix security bugs 
in the JRE against
untrusted code is pointless.

But "server" apps which respond to untrusted requests are more like web 
deployed apps.
If they bundle a JRE then you need to update the whole bundle as new 
more secure
JREs become available, so that unscrupulous people can't compromise your 
server.

I also want to make it clear that whilst increasing security and 
maintaining compatibility
are sometimes conflicting goals, that the Java SE org. has for many 
years made
compatibility a key theme. We do not just pay lip service to 
compatibility. We work
very hard at it. Yes, we may break apps, intentionally or 
unintentionally, but its not
for the want of trying. I think overall we've become good at it, and its 
really important
to customers. They do test when we ship a new release, and then they 
complain
loudly and/or often if we broke something. And if we can fix that, we will.
Enterprise customers expect this. They'll go somewhere else if we aren't 
serious about it.
I think you are more likely to have an app behave differently on a new 
platform/version
than you are purely due to a patch upgrade in the JRE on the same 
platform/version.

-phil.