sktsee at tulsaconnect.com
Tue Jan 26 16:08:26 UTC 2010
On Mon, 25 Jan 2010 18:06:41 -0800, NoOp wrote:
> I'll have a go at creating a .deb tomorrow. Perhaps we could get Patton
> to write a script to automate this afterwards? I'm sure you are more
> than capable, but Patton likes to develop scripts & this might be an
> ideal project for him :-)
Theres's a couple of caveats to using a java-package created deb verses
the sun-java packages from multiverse that you need to be aware of. The
first is that java-package only creates one deb that is not an update to
the sun-java packages. It uses a different directory layout putting jre
in /usr/lib/j2re1.6-sun rather than /usr/lib/jvm/java-6-sun-1.6.0.xx/jre.
If you don't remove the sun-java packages first, you'll have two java
installations that may or may not mess with each other. I removed all sun-
java packages before installing. I also removed the java-common package
because I wasn't sure if the update-java script included in java-common
is aware of non-Ubuntu provided java packages. Since I only have one java
install per machine, I went ahead and got rid of it. If you keep it
installed, you may have to tweak it a little.
The second caveat has to do with the bug report I filed yesterday,
Basically, the deb's post-install script creates a number of symlinks in
etc/alternatives and one points to a java plugin directory that Sun
didn't include in the jre6-18 update. This causes the post-install script
to fail, and the package is not cleanly installed. Commenting a snippet
out of the make-jpkg post-install and pre-remove templates allows you to
create a deb that can be installed/removed without error. The relevant
files and code are in the bug report.
> Ah. But then you run into the same issues as other similar packages...
> SeaMonkey comes to mind - where 'supposed' "security" fixes are applied
> to outdated packages. But if you go through the security notices you
> find: 1) outdated versions, 2) patches that are only "selectively"
> applied. I've not bothered to check with OpenJDK, but can't help but
> wonder if the same/similar situation may apply.
Seamonkey is in universe, so by definition it is "Community Supported".
That means it's in the same boat as sun-java. Whether it gets updated or
not really seems to depend on the whim of the maintainer, or some other
MOTU and clearing the SRU process. I think if there has been a CVE bug
filed against a universe/multiverse package it gets attention, but there
are some glaring examples of where it doesn't, as in the case of sun-
java. OpenJDK, on the other hand, is in main and therefore supported by
Canonical, so it should get more love. That's the theory, at least :)
More information about the ubuntu-users