Re: [Tails-dev] [review'n'merge:1.1.1] bugfix/7807-remove-d…

Author: Kill Your TV
Date:  
To: tails-dev
Subject: Re: [Tails-dev] [review'n'merge:1.1.1] bugfix/7807-remove-duplicate-openjdk-jre
On Tue, 26 Aug 2014 00:54:58 +0000 (UTC)
intrigeri <intrigeri@???> wrote:

> Hi,
>
> as explained on #7807, we ship two different versions of the OpenJDK
> JRE. To the best of my knowledge, only v6 is used, and only by I2P.
> bugfix/7807-remove-duplicate-openjdk-jre removes v7. I2P still works
> for me with this branch merged (into experimental). This makes the ISO
> 4% smaller (SquashFS compressed with gzip).


Technically it's not I2P depending on v6, but the wrapper that I2P
depends on, specifically this package:

    https://packages.debian.org/wheezy/libservice-wrapper-jni


The proper fix will be to have the wrapper package additionally allow
for the *-headless jre/jdk packages to be used. (My packages also need
to be fixed to allow the -headless packages as alternate deps; I'll add
that resultant patch to the 'please update the wrapper packages' that
I'm going to file with the upstream DD).

The I2P packages accept multiple alternatives.

From I2P's perspective (and as the only user of Java on Tails
ATM), it would be better to use Java 7.

By explicitly installing OpenJDK7 packages the OpenJDK6 ones will not
be pulled in by the wrapper installation. (This override would be
removed once the wrapper packages allow -headless to satisfy the
dependency). (I don't hard depend on OpenJDK7 because some people might
_want_ to stay on OpenJDK 6 for whatever reason, and because OpenJDK
isn't an option everywhere, e.g. kFreeBSD...that and it will work with v6).

If you're open to keeping Java 7 but removing Java 6:

This same branch but at git://repo.or.cz/tails/kytv.git will prevent
OpenJDK6 from being installed by explicitly adding OpenJDK7 to the
package list. With my minor changes:

      openjdk-7-jre:i386      7u65-2.5.1-2~deb7u1
      openjdk-7-jre-headless:i386     7u65-2.5.1-2~deb7u1


In Tails 1.1:

      default-jre     1:1.6-47
      default-jre-headless    1:1.6-47
      openjdk-6-jre:i386      6b32-1.13.4-1~deb7u1
      openjdk-6-jre-headless:i386     6b32-1.13.4-1~deb7u1
      openjdk-6-jre-lib       6b32-1.13.4-1~deb7u1
      openjdk-7-jre-headless:i386     7u55-2.4.7-1~deb7u1


On Tue, 26 Aug 2014 17:31:30 +0000 (UTC)
intrigeri <intrigeri@???> wrote:
> str4d wrote (26 Aug 2014 10:32:14 GMT) :
> > As I recall, there are several I2P "bugs" that only occur on OpenJDK
> > v6 (not Oracle JRE 6), and are solved by running OpenJDK v7.
>
> Any pointer to these bugs, so that we can evaluate how serious
> they are?


There are bugs in Java 6 that I2P has been able to trigger that we
don't see in Java 7, but unfortunately I can't point to anything off
the top of my head, but perhaps str4d could shed some light on it.

I can say that Java 7 prefers stronger cipher suites than Java 6, though this
would only be of importance when bootstrapping.

See https://www.ssllabs.com/ssltest/viewClient.html?name=Java&version=6u45
&
https://www.ssllabs.com/ssltest/viewClient.html?name=Java&version=7u25


Cheers,

--
GPG ID: 0x5BF72F42D0952C5A
Fingerprint: BD12 65FD 4954 C40A EBCB F5D7 5BF7 2F42 D095 2C5A
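
A check for the duplication discussed in this thread, as an added example that is not part of the original message or of the Tails build system: it reads a package list in the "package version" form quoted above and reports when more than one OpenJDK major version is present. The function names `openjdk_majors` and `check_single_jre` are hypothetical; the two sample lists are the ones quoted in the message.

```shell
#!/bin/sh
# Added example (not from the thread): flag a package list that ships more
# than one OpenJDK major version. Function names are hypothetical.
# Input: one "package version" pair per line on stdin.

# Print the distinct OpenJDK major versions found, sorted, space-separated.
openjdk_majors() {
    awk '{
        name = $1
        sub(/:.*/, "", name)      # drop an arch qualifier such as ":i386"
        if (name ~ /^openjdk-[0-9]+-(jre|jdk)/) {
            split(name, parts, "-")
            print parts[2]
        }
    }' | sort -n -u | tr '\n' ' ' | sed 's/ $//'
}

# Return 0 when at most one major version is present, 1 otherwise.
check_single_jre() {
    majors=$(openjdk_majors)
    case "$majors" in
        *" "*) echo "multiple OpenJDK versions: $majors" >&2; return 1 ;;
        *)     echo "OpenJDK versions: ${majors:-none}"; return 0 ;;
    esac
}

# Package lists as quoted in the message above.
TAILS_1_1='default-jre 1:1.6-47
default-jre-headless 1:1.6-47
openjdk-6-jre:i386 6b32-1.13.4-1~deb7u1
openjdk-6-jre-headless:i386 6b32-1.13.4-1~deb7u1
openjdk-6-jre-lib 6b32-1.13.4-1~deb7u1
openjdk-7-jre-headless:i386 7u55-2.4.7-1~deb7u1'

KYTV_BRANCH='openjdk-7-jre:i386 7u65-2.5.1-2~deb7u1
openjdk-7-jre-headless:i386 7u65-2.5.1-2~deb7u1'

printf '%s\n' "$TAILS_1_1"   | check_single_jre || true
printf '%s\n' "$KYTV_BRANCH" | check_single_jre || true
```

On a built system the same functions can be fed from `dpkg-query -W`, which prints package name and version separated by a tab.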