Fortify: open source software is a security risk for businesses

debian packaged sun jdk/jre 1.5 in etch.  1.6 is in testing and will be released as lenny
(hopefully later this year).  but those are the sun proprietary licensed versions.

matthias klose, who works for canonical, packaged icedtea and now openjdk for debian and
ubuntu, but ubuntu released with it first.  it might be a while until debian releases with it
because the stable-release freeze has begun in testing/lenny and openjdk is stuck in unstable.
since matthias works for canonical, it's no surprise that it appeared in ubuntu first.

historically, icedtea was packaged for ubuntu gutsy/7.10 and installable on debian
unstable/sid, but never uploaded to unstable (or even experimental, i believe). [1]  openjdk 6
was released with hardy. [2] openjdk was just uploaded to unstable less than a month ago. [3]

so i would agree with dave's statement that the "free" version of java is in ubuntu (since
hardy and before that icedtea in gutsy), but not debian (not before last april, nor even
planned for the next stable release, lenny).

[1] http://lists.debian.org/debian-java/2007/08/msg00028.html
[2]
http://packages.ubuntu.com/search?suite=default&secti...
[3] http://packages.qa.debian.org/o/openjdk-6.html