Hi, On Mon, 2008-07-28 at 15:34 -0700, David Herron wrote: > Each synchronized security release involves simultaneous release of > all current binary JDK bundles as well as OpenJDK 6/7 source releases > of the same bug fixes. For OpenJDK there is some kind of behind the > scenes source handshaking as (I think) is common among open source > projects and if you want to know more either I or Dalibor could get > the information to you. We of course don't want to release source for > a security fix until the matching binary JDK build has been released. > > OpenJDK 6 b 11 was the matching synchronized security release > > http://blogs.sun.com/darcy/entry/openjdk_6_sources_for_b11
And the security fixes were released and incorporated into icedtea several days before the b11 code drop by Lillian: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2008-July/002650.html So in principle we can turn around pretty fast. As soon as the source code for any fixes are available, we don't have to wait for any drops to get the security holes resolved for the distros immediately. Cheers, Mark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
