LSB Java support and Java updates

Submitted by john.dallman on Mon, 11/17/2008 - 13:30.

It's good to see Java support appearing in LSB 4.0. How will the updating of the JRE be handled? Buffer-overflow exploits and the like are discovered in JREs reasonably frequently, and Sun releases updates. Will the LSB JRE be capable of automatically updating, or will it be frozen on a particular version?

thanks, -- John Dallman Parasolid Porting Engineer Siemens PLM Software

john.dallman@siemens.com www.siemens.com/plm

‹ Information about LSB certified distribution Questions about history ›
Login or register to post comments |
LSB Java support and Java updates - Submitted by Wichmann Mats D on Mon, 11/17/2008 - 14:30.
Submitted by Wichmann Mats D on Mon, 11/17/2008 - 14:30.

Dallman, John wrote:
> It's good to see Java support appearing in LSB 4.0. How will
> the updating of the JRE be handled? Buffer-overflow exploits
> and the like are discovered in JREs reasonably frequently,
> and Sun releases updates. Will the LSB JRE be capable of
> automatically updating, or will it be frozen on a particular
> version?
>
> thanks,

It won't be version-frozen, at least at this point.

Login or register to post comments
LSB Java support and Java updates - Submitted by john.dallman on Mon, 11/17/2008 - 14:45.
Submitted by john.dallman on Mon, 11/17/2008 - 14:45.

Wichmann, Mats D wrote:
> Dallman, John wrote:
> > It's good to see Java support appearing in LSB 4.0. How will
> > the updating of the JRE be handled? Buffer-overflow exploits
> > and the like are discovered in JREs reasonably frequently,
> > and Sun releases updates. Will the LSB JRE be capable of
> > automatically updating, or will it be frozen on a particular
> > version?
> It won't be version-frozen, at least at this point.

That's good. Our legal people are getting antsy about the idea of
software that requires a particular patch level of a JRE, once
that JRE is known to have exploitable security holes.

--
John Dallman
Parasolid Porting Engineer

Siemens PLM Software
46 Regent Street, Cambridge, CB2 1DP
United Kingdom
Tel: +44-1223-371554
john.dallman@siemens.com
www.siemens.com/plm

Login or register to post comments
LSB Java support and Java updates - Submitted by tytso on Mon, 11/17/2008 - 22:00.
Submitted by tytso on Mon, 11/17/2008 - 22:00.

On Mon, Nov 17, 2008 at 03:37:42PM +0100, Dallman, John wrote:
> Wichmann, Mats D wrote:
> > Dallman, John wrote:
> > > It's good to see Java support appearing in LSB 4.0. How will
> > > the updating of the JRE be handled? Buffer-overflow exploits
> > > and the like are discovered in JREs reasonably frequently,
> > > and Sun releases updates. Will the LSB JRE be capable of
> > > automatically updating, or will it be frozen on a particular
> > > version?
> > It won't be version-frozen, at least at this point.
>
> That's good. Our legal people are getting antsy about the idea of
> software that requires a particular patch level of a JRE, once
> that JRE is known to have exploitable security holes.
>

I can't imagine any way that we would be freezing on a specific patch
level of the JRE. One of the reasons why Java going to be Trial Use
in LSB 4.0 is because we need to make sure we really have locked
gotten right the requirements for certifying the Java component.

Certainly one of the methods will be to include the passing the TCK,
which can be made available via the Open JDK license, or via other
licensing arragements that can be made. The TCK could be run by the
distribution requesting certification, or it could be run by the
provider of the JRE. In the latter case, there are some interesting
questions about whether the JRE has to be run on exactly the same OS
revision as the one which is receiving LSB certification, or whether a
certain amount of flexibility will be allowed here. The Sun folks
have argued that they have run into problems where a JRE has run into
problems caused by differences in the OS environment, and that's
probably true. However, because there maybe issues relating the
availability of the TCK (which is **not** open source, and for which
each project has to go indvidually to Sun to request), we may end up
being more flexible than what Sun might allow for the purposes of LSB
certification.

(i.e., if Distribution X uses a JRE that was originally intended for
Distribution Y, and for whatever reason Distribution X can not obtain
the TCK, and the JRE passed the TCK on Distribution Y and is therefore
allowed to use the Java steaming coffee cup logo, we might allow
distribution X to use that as evidence that it passes the Java
requirement for LSB. This wouldn't allow distribution X to use Sun's
Java trademark, of course; only Sun has the right to require this. So
this is part of what we will need to get ironed out.)

- Ted

Login or register to post comments
LSB Java support and Java updates - Submitted by tytso on Mon, 11/17/2008 - 22:00.
Submitted by tytso on Mon, 11/17/2008 - 22:00.

On Mon, Nov 17, 2008 at 03:37:42PM +0100, Dallman, John wrote:
> Wichmann, Mats D wrote:
> > Dallman, John wrote:
> > > It's good to see Java support appearing in LSB 4.0. How will
> > > the updating of the JRE be handled? Buffer-overflow exploits
> > > and the like are discovered in JREs reasonably frequently,
> > > and Sun releases updates. Will the LSB JRE be capable of
> > > automatically updating, or will it be frozen on a particular
> > > version?
> > It won't be version-frozen, at least at this point.
>
> That's good. Our legal people are getting antsy about the idea of
> software that requires a particular patch level of a JRE, once
> that JRE is known to have exploitable security holes.
>

I can't imagine any way that we would be freezing on a specific patch
level of the JRE. One of the reasons why Java going to be Trial Use
in LSB 4.0 is because we need to make sure we really have locked
gotten right the requirements for certifying the Java component.

Certainly one of the methods will be to include the passing the TCK,
which can be made available via the Open JDK license, or via other
licensing arragements that can be made. The TCK could be run by the
distribution requesting certification, or it could be run by the
provider of the JRE. In the latter case, there are some interesting
questions about whether the JRE has to be run on exactly the same OS
revision as the one which is receiving LSB certification, or whether a
certain amount of flexibility will be allowed here. The Sun folks
have argued that they have run into problems where a JRE has run into
problems caused by differences in the OS environment, and that's
probably true. However, because there maybe issues relating the
availability of the TCK (which is **not** open source, and for which
each project has to go indvidually to Sun to request), we may end up
being more flexible than what Sun might allow for the purposes of LSB
certification.

(i.e., if Distribution X uses a JRE that was originally intended for
Distribution Y, and for whatever reason Distribution X can not obtain
the TCK, and the JRE passed the TCK on Distribution Y and is therefore
allowed to use the Java steaming coffee cup logo, we might allow
distribution X to use that as evidence that it passes the Java
requirement for LSB. This wouldn't allow distribution X to use Sun's
Java trademark, of course; only Sun has the right to require this. So
this is part of what we will need to get ironed out.)

- Ted

Login or register to post comments
LSB Java support and Java updates - Submitted by LSB List on Mon, 11/17/2008 - 23:00.
Submitted by LSB List on Mon, 11/17/2008 - 23:00.

Posted to the lsb-discuss mailing list by: Mark Wielaard


On Mon, 2008-11-17 at 16:52 -0500, Theodore Tso wrote:
> Certainly one of the methods will be to include the passing the TCK

The TCK is a software project itself with different versions, even for
the same java specification. There are also various components that
might or might not be supported (if they are supported they must pass
all tests though) and there are components that might implement
different api versions of "endorsed standards". So you will have to be
pretty specific about which version and configuration of the TCK you
require. See here for example:
http://openjdk.java.net/groups/conformance/docs/JCK6bUsersGuide/html/p4....

> the JRE passed the TCK on Distribution Y and is therefore
> allowed to use the Java steaming coffee cup logo, we might allow
> distribution X to use that as evidence that it passes the Java
> requirement for LSB.

Passing the TCK does not give you rights to the logo, trademark or claim
that you are Java Compatible (TM). That is a separate agreement you have
to reach with Sun and for which there are no public agreements available
as far as I know.

For example some of the binaries shipped with Fedora pass the TCK (at
least some for the x86 and x86_64 architectures), but Sun doesn't grant
any rights to call the result Java(TM), use the coffee cup logo or say
they are Java Compatible(TM).

Cheers,

Mark

Login or register to post comments
LSB Java support and Java updates - Submitted by LSB List on Mon, 11/17/2008 - 23:00.
Submitted by LSB List on Mon, 11/17/2008 - 23:00.

Posted to the lsb-discuss mailing list by: Mark Wielaard


On Mon, 2008-11-17 at 16:52 -0500, Theodore Tso wrote:
> Certainly one of the methods will be to include the passing the TCK

The TCK is a software project itself with different versions, even for
the same java specification. There are also various components that
might or might not be supported (if they are supported they must pass
all tests though) and there are components that might implement
different api versions of "endorsed standards". So you will have to be
pretty specific about which version and configuration of the TCK you
require. See here for example:
http://openjdk.java.net/groups/conformance/docs/JCK6bUsersGuide/html/p4....

> the JRE passed the TCK on Distribution Y and is therefore
> allowed to use the Java steaming coffee cup logo, we might allow
> distribution X to use that as evidence that it passes the Java
> requirement for LSB.

Passing the TCK does not give you rights to the logo, trademark or claim
that you are Java Compatible (TM). That is a separate agreement you have
to reach with Sun and for which there are no public agreements available
as far as I know.

For example some of the binaries shipped with Fedora pass the TCK (at
least some for the x86 and x86_64 architectures), but Sun doesn't grant
any rights to call the result Java(TM), use the coffee cup logo or say
they are Java Compatible(TM).

Cheers,

Mark

Login or register to post comments
LSB Java support and Java updates - Submitted by LSB List on Tue, 11/18/2008 - 04:45.
Submitted by LSB List on Tue, 11/18/2008 - 04:45.

Posted to the lsb-discuss mailing list by: Dalibor Topic


Mark Wielaard wrote:
> On Mon, 2008-11-17 at 16:52 -0500, Theodore Tso wrote:
>
>> Certainly one of the methods will be to include the passing the TCK
>>
>
> The TCK is a software project itself with different versions, even for
> the same java specification. There are also various components that
> might or might not be supported (if they are supported they must pass
> all tests though) and there are components that might implement
> different api versions of "endorsed standards". So you will have to be
> pretty specific about which version and configuration of the TCK you
> require.
>
Putting specific TCK requirements into LSB makes no sense, in my
opinion, since new releases of the
TCK are made regularly, as bugs in tests get discovered and fixed, for
example.

The LSB doesn't go that deep into specifics of testing runtimes of other
languages, afaict, so there is
no particular need to copy-paste parts of the TCK guide into the spec
only to redo it every couple of months.
>> the JRE passed the TCK on Distribution Y and is therefore
>> allowed to use the Java steaming coffee cup logo, we might allow
>> distribution X to use that as evidence that it passes the Java
>> requirement for LSB.
>>
>
> Passing the TCK does not give you rights to the logo, trademark or claim
> that you are Java Compatible (TM).
>
Please see the FAQ: http://www.sun.com/software/opensource/java/faq.jsp#k15

cheers,
dalibor topic

--
*******************************************************************
Dalibor Topic Tel: (+49 40) 23 646 738
Java F/OSS Ambassador AIM: robiladonaim
Sun Microsystems GmbH Mobile: (+49 177) 2664 192
Nagelsweg 55 http://openjdk.java.net
D-20097 Hamburg mailto:Dalibor.Topic@sun.com
Sitz der Gesellschaft: Sonnenallee 1, D-85551 Kirchheim-Heimstetten
Amtsgericht München: HRB 161028
Geschäftsführer: Thomas Schröder, Wolfgang Engels, Dr. Roland Bömer
Vorsitzender des Aufsichtsrates: Martin Häring

Login or register to post comments
LSB Java support and Java updates - Submitted by LSB List on Tue, 11/18/2008 - 08:45.
Submitted by LSB List on Tue, 11/18/2008 - 08:45.

Posted to the lsb-discuss mailing list by: Mark Wielaard


On Tue, 2008-11-18 at 05:31 +0100, Dalibor Topic wrote:
> Mark Wielaard wrote:
> > On Mon, 2008-11-17 at 16:52 -0500, Theodore Tso wrote:
> >> Certainly one of the methods will be to include the passing the TCK
> >
> > The TCK is a software project itself with different versions, even for
> > the same java specification. There are also various components that
> > might or might not be supported (if they are supported they must pass
> > all tests though) and there are components that might implement
> > different api versions of "endorsed standards". So you will have to be
> > pretty specific about which version and configuration of the TCK you
> > require.
> >
> Putting specific TCK requirements into LSB makes no sense, in my
> opinion, since new releases of the
> TCK are made regularly, as bugs in tests get discovered and fixed, for
> example.

Right. Just wanted to point out that "passing the TCK" is not some
binary thing. Depending on the version of the TCK different behavior is
being tested and depending on the configuration certain interfaces might
or might not be available or whole different versions of some api might
be tested. So just "passing the TCK" it isn't something that gives the
application developer a stable set of interfaces to depend on.

> > Passing the TCK does not give you rights to the logo, trademark or claim
> > that you are Java Compatible (TM).
> >
> Please see the FAQ: http://www.sun.com/software/opensource/java/faq.jsp#k15

Indeed. The "Java Compatible" phrase and the other Java related
trademarks are just Sun marketing tools, not technical marks. Since the
terms for this "trademark license" hasn't been disclosed it isn't
something that you can rely on if you are interested in technical claims
about what is and isn't supported.

Cheers,

Mark

Login or register to post comments
HomeForumsLSB General Forum › LSB Java support and Java updates
Copyright © 2008 Linux Foundation. All rights reserved.
LSB is a trademark of the Linux Foundation. Linux is a registered trademark of Linus Torvalds