Comment Re:oracle as damage, route around it (Score 2) 320
Is the problem with OpenJDK or just Oracle Java?
Doesn't OpenJDK have a reasonable patch procedure?
Why don't all the corps that are tied to Java apps fund the development of an OpenJDK port/plugin for Windows and leave Oracle to run their own Java ghetto?
I don't know that much about how these projects are actually organized. I could be wrong, but it sounds to me like basically a PHB at Oracle decrees that a certain feature should be added to java, even though it's ill-advised from a security-design point of view; then code monkeys at Oracle implement it; then people out in the OSS world (the project that used to be GNU classpath? IcedTea? OpenJDK?) import the code into their own implementation, which is really the same code-base with just a few IP-encumbered parts replaced with open-source work-alikes. AFAIK the present security hole was present in every implementation of java 1.7 for the last 6 months, not just windows implementations or implementations downloaded directly from oracle.
If anyone has deeper insight into how all this is organized, it would be great to hear from them.