On 02/27/2015 10:58 AM, Aleksandar Kurtakov wrote: > The problem with alternatives is they are system wide so if one changes the > alternatives to point to the legacy JDK for their third party app this > becomes the JDK system wide. Thus all Fedora packaged Java apps (Tomcat, > Jetty, JBoss, Freemind, Azureus, Eclipse...) will start using this JDK but > they will contain jars compiled for newer JDK thus will fail at runtime.
Exactly. But it's worse than that: someone sets an alternative for some temporary purpose, then reboots their computer, then they get pwned via the vulnerable Java. I'm all for freedom, but we should not install traps for our users. Andrew. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
