AW: Question Update Java Security Updates
marquis at roble.com
Sat Mar 12 16:24:54 UTC 2011
>> The reason for that is that they haven't been necessary. This cannot be
>> said for openjdk, not yet at least.
> There have been 191 "vulnerabilities" for the lifetime of JDK 1.6,
> according to Secunia. java/jdk16 is at update 4 out of 24. Unless you
> are running only trusted local apps with no networking support, that
> is highly dubious.
Vulnerability is relative to your application of course. The
"vulnerabilities" you site for JDK have not been relevant to my servers
or apps or most commonly used apps (other than webstart). That cannot be
said for the Openjdk.
But equating advisories with vulnerabilities does bring up an important
point, and I expect religious preferences will continue to take
precedence over actual user experience.
More information about the freebsd-java