[Mageia-dev] Removal of sun java

Christian Lohmaier lohmaier+mageia at googlemail.com
Fri Mar 30 13:34:23 CEST 2012


Hi *,

On Fri, Mar 30, 2012 at 9:52 AM, Guillaume Rousse
<guillomovitch at gmail.com> wrote:
> [...]
> You're not a system administrator, whose duty is to take this kind of
> decision, you are a technical solution provider. You're clearly confusing
> the roles here.

I don't get your problem really. Of course Mageia will only replace
the mageia packaged version of Sun's java, not a version you obtained
from Oracle.

So while the user who has a security-flawed version of mageia's
sun-java installed will have it scheduled for an update and replaced
by OpenJDK, that user
a) is not forced to do the update
b) can just install a fixed version of Java from Oracle instead
c) update and not care that much (>90% of the user base)

> But automatically removing software
> for security concerns, without asking for user consent,

You are asked for confirmation when installing updates - you get
notification that there are updates, and then have the choice to
accept them or decline them.

And there is a possibility to flag packages as "don't update those"
via configuration files.

> would be a first
> step into transferring decision power from user to operating system vendor.
> Trusted computing approach, in other terms.

This is a weak argument really, as there were always security updates.
Those as well were telling the user to update, and not wait until
$system-admin decided it is time to check for vulnerabilities.
There have been obsolete packages in the past as well, replacing
unmaintained/outdated packages by better (for most) alternatives.

This time it is just both at the same time.

So if you want your outdated mageia-version of java, just tell urpmi
to not touch it.

But don't argue that the rest of the userbase should continue running
a flawed version just because you have a special need. Users have a
choice to unselect updates. If they don't read the update's
description, it is their fault, not Mageia's.
Users have the choice to specify packages that must never be removed
in configuration files.

ciao
Christian

