Hey,
Thanks a lot for what you have information wise
J
Of course for a company most interesting is the question: „If I put this thing into production in version X, how long
will there be security/critical updates available (in a sufficiently short timeframe).“ This is something that needs an answer before making decisions. I understand that this is a little behind the horizon for you right now
J
(From a management point of view, ) even an answer like: “it’s open source, go fix it yourself and we will happily accept
security patches” would be kind of acceptable. Maybe not driving decision towards OpenJ9, but still acceptable :D
Cheers,
Markus
From: openj9-dev-bounces@xxxxxxxxxxx [mailto:openj9-dev-bounces@xxxxxxxxxxx]
On Behalf Of Mark Stoodley
Sent: Tuesday, April 24, 2018 7:02 PM
To: openj9 developer discussions <openj9-dev@xxxxxxxxxxx>
Subject: Re: [openj9-dev] Security Update Policy
Hi Markus,
> Lately there has been a little re-shuffling in release cycles/security update policies on Java VMs
JTrying to figure out a way forward and a VM to choose for the future, is there any information regarding OpenJ9’s security update
policy, release cycles, etc.?
Short answer is that we're still putting together the full answer to your question, but there is some useful information presented as part of this discussion on our proposed support statements:
https://github.com/eclipse/openj9/issues/1616
You'll see there is a proposed release cadence for Eclipse OpenJ9 in a table in that issue that I'll summarize as "basically quarterly" and also aligning as much as we think possible with the expected
activities at OpenJDK. Our nightly and release binaries are built at AdoptOpenJDK and you can read their statements here:
https://adoptopenjdk.net/support.html.
I know it's not exactly what you're asking for but I tried to provide as many details as we currently have. If you have specific follow-on questions, feel free to ask here or on our slack channels
and we can try to work through the gaps together as a group.
--mark