On Sat, Oct 5, 2013 at 11:21 AM, Patrick patrick@spellingbeewinnars.org wrote:
However, it's in CentOS and I trust CentOS; are the concerns in the media blown out of proportion?
1. In short: Yes, they were blown out of proportion with a high dose of FUD. Read the following analysis, especially the last few paragraphs.
http://timboudreau.com/blog/The_Java_Security_Exploit_in_%28Mostly%29_Plain_...
2. The most widely referred hole had to do with running applets on a browser.
3. J7u40 and OpenJDK7U40 took care of the major issue: Java previously ran unsigned "applets" automatically. Now it no longer does.
4. Most browsers now feature "click to run" on applets, effectively creating a dual barrier against running unsigned code (two clicks, one to the browser warning, another for the JRE warning about unsigned code). Drive-by exploits are thus impossible.
4. Java now offers a "server JRE" without the browser plug-in, starting w J7u21
http://www.oracle.com/technetwork/java/javase/7u21-relnotes-1932873.html#ser...
5. Applets are on the way out; most of the action these days is on server-side Java, and on client-side Java, not browser Java.
6. Lots of apps are Java based and have no intention of switching (Jitsi, Vuze, etc.)
7. JVM languages are booming (JRuby, Jython, Scala, Clojure, RedHat's Ceylon) http://www.drdobbs.com/jvm/a-long-look-at-jvm-languages/240007765
8. Java is open source, with Twitter, SAP, RedHat, IBM, Oracle and even Google collaborating with the project. See:
http://www.redhat.com/summit/2012/pdf/2012-DevDay-OpenJDK-Bhole.pdf
9. Java8, OpenJDK 8 is coming, w Java9 OpenJDK9 next
10. Java is more than a language. It's also a runtime environment and a level-playing-field software ecosystem. You can create Java apps with any of the JVM languages without ever writing a single line of Java code.
11. Raspberry Pi just announced that RasPis will ship with OpenJDK and JRE
Those are my reasons, if you don't like 'em, I have others... ;) FC