| |||||||||||||
Outdated debian packages on blackdown?Outdated debian packages on blackdown?Posted Dec 2, 2004 19:25 UTC (Thu) by fredrik (subscriber, #232)In reply to: A java vulnerability by hmh Parent article: A java vulnerability
I'm probably missing something, because when I browse blackdown's ftp mirrors I cannot find any debian packages more recent than 2003. Not even the change log from the most recent tar-package seems to reference any security fix. Are the blackdown developers really maintaining their ftp? And if not, are the debian packages maintained elsewhere?
Sofar, I have always pulled the official sun release, and built a java-dummy package. That has been the most predictable method for me to install java.
A pity that sun maintains a such obnoxious non-oss-approved license on their official SDK/JRE. They only shoot themselves in the foot by making it harder for both end users and developers to install and update.
Oh well, guess I'm preaching to the choir here anyway...
(Log in to post comments)
Debian repository of blackdown.org j2se packages Posted Dec 2, 2004 20:22 UTC (Thu) by hmh (subscriber, #3838) [Link] deb http://ftp.gwdg.de/pub/languages/java/linux/debian sid non-free
OR
deb http://ftp.gwdg.de/pub/languages/java/linux/debian sarge non-free
Debian repository of blackdown.org j2se packages Posted Dec 3, 2004 9:01 UTC (Fri) by fredrik (subscriber, #232) [Link] Ah, sweet!
I found the release notice and a reference to an official deb-archive[0] on blackdown. The notice also mentioned that their latest version, 1.4.2.01-1, fixes the vulnerability in CVE CAN-2004-1029.
Apparantly blackdown's version 1.4.2.01 is based on sun's 1.4.2_07pre code, and I must say, that version discrepancy is a bit unclear for a casual observer.
Anyway, off I go to add a new source for apt. Wee.
[0] http://blackdown.org/java-linux/java2-status/jdk1.4-statu...
|
|||||||||||||