我怎样才能提前访问 Oracle Java 更新,以便在这些更新公开时测试我的 RIA 并避免防火练习? [英] How can I get early access to Oracle Java updates, so I can test my RIA and avoid fire-drills when these updates are made public?
问题描述
拥有我们的应用程序 停止 工作 当客户安装 7u45 更新时,我们想知道我们还能做些什么未来提前为这些更新做好准备,避免发布日的支持噩梦.
(根据 Java 版本编号方案,计划于 1 月 14 日进行的下一个重要补丁更新将是 7u51.下一个有限更新(日期未知)将是 7u60.)
我浏览了 Oracle 和 OpenJDK 网站,但没有发现任何特别有用的内容.Java SE 的主要 Oracle 页面有一个 抢先体验下载 部分.它有三个有潜力的链接,但不要成功:
https://jdk7.java.net/,依然在讲7u40——- 没有提到 7u45,更不用说 7u51 或 7u60.
http://openjdk.java.net/projects/jdk7u/,上面写着我们愿意在 jdk7u-dev 森林中修复 7u60",但似乎没有提供任何预构建的二进制文件.我也不清楚部署组件(applet 插件和 webstart)是我们过去兼容性问题的主要来源,从一开始就属于 OpenJDK 的一部分.
Java 兼容性和性能计划听起来正是我想要的,但是 没有人知道如何注册.
我上面链接的第二个问题的答案指向一个OpenJDK 错误报告 已于 8 月提交.(它有一个CAP"标签,可能代表兼容性和性能"?)很明显,有些人能够针对这些更新测试他们的应用程序.非常感谢任何有关如何加入该俱乐部的指示!
OpenJDK Bug System
根据jdk7u-dev 邮件列表上的这篇帖子,OpenJDK 错误系统可能会提供部分答案.
邮件列表帖子说带有 CPU-critical-request 标签的错误 正在考虑包含在下一个 CPU 中,并且 CPU-critical-approved 标签 已被批准包含在下一个 CPU 中.然而在实践中,他们似乎使用了更具体的标签.对于计划于 2014 年 1 月发布的 7u51 更新,标签似乎是 CPU14_01-critical-request 和 CPU14_01-critical-approved.
您可以浏览完整的标签集,对后续 CPU 的标签进行有根据的猜测.您还可以查看修复版本"为 7u51 的错误.
Java 平台组,产品管理博客
Java 平台组,产品管理博客 看起来是获取部分信息的另一个途径.在此评论中对更新的安全基线 (7u45) 影响 Java 7u40 及之前的高安全设置"条目,Oracle 的 Erik Costlow 说:
<块引用>我们创建此博客的一个原因是它为我们提供了一种提供尽可能多的信息,甚至更多在各种 OpenJDK 邮件列表中完成.
有些变化我们无法提前通知,并且我希望将这种情况保持在最低限度.对于其他变化,不仅我们在这里发布关于它们的信息,我实际上是在去其他地方项目,不仅告诉他们,而且(视情况)制作贡献.看https://issues.apache.org/bugzilla/show_bug.cgi?id=55542一个示例.
Oracle 程序
Java 兼容性和性能计划 已经死了,据我的 Oracle 客户经理说.由于漏洞被逆向工程的风险,对 CPU 类似程序的访问受到严格控制(即使在 Oracle 内部).(我不是成员,也不打算进一步研究它.)OpenJDK 是 Oracle 首选的兼容性测试方法,尽管已知它与下一个 CPU 中的内容并不完全相同.
Oracle 还向我们推荐了 JavaOne 2013 安全跟踪,特别是 JRE 安全增强一年" 的演讲,其幻灯片可在线获取.这些幻灯片反过来说,上面提到的博客将尽可能提前通知".
Having had our application stop working when customers installed the 7u45 update, we're wondering what more we can do in the future to be ready for these updates up-front and avoid release-day support nightmares.
(Per the Java version numbering scheme, the next Critical Patch Update, planned for January 14, will be 7u51. The next Limited Update (date unknown) will be 7u60.)
I've poked around the Oracle and OpenJDK websites, and not found anything particularly useful. The main Oracle page for Java SE has an Early Access Downloads section. It has three links that have potential, but don't pan out:
https://jdk7.java.net/, which still talks about 7u40 -- no mention of 7u45, let alone 7u51 or 7u60.
http://openjdk.java.net/projects/jdk7u/, which says "We're open for fixes for 7u60 in the jdk7u-dev forest", but doesn't appear to provide any pre-built binaries. It's also not clear to me whether the deployment components (applet plug-in and webstart), the main source of our past compatibility issues, are even part of OpenJDK to begin with.
The Java Compatibility and Performance Program sounds like just what I want, but nobody knows how to sign up for it.
An answer to the second question I linked above points to an OpenJDK bug report that was filed back in August. (It has a "CAP" label, which might stand for "Compatibility and Performance"?) So clearly some people are able to test their applications against these updates. Any pointers on how to join that club are much appreciated!
OpenJDK Bug System
According to this post on the jdk7u-dev mailing list, the OpenJDK bug system may provide a subset of the answer.
The mailing list post says that bugs with the CPU-critical-request label are under consideration for inclusion in the next CPU and bugs with the CPU-critical-approved label have been approved for inclusion in the next CPU. However in practice, it seems that they're using more-specific labels. For the 7u51 update planned for January 2014, the labels appear to be CPU14_01-critical-request and CPU14_01-critical-approved.
You can browse the full set of labels to make your own educated guesses about labels for subsequent CPUs. You can also see bugs whose "fix version" is 7u51.
Java Platform Group, Product Managment blog
The Java Platform Group, Product Management blog looks to be another avenue for partial information. In this comment to the "Updated Security Baseline (7u45) impacts Java 7u40 and before with High Security settings" entry, Erik Costlow of Oracle says:
One of the reasons we created this blog is that it gives us a way of providing as much information as we can, even more than it already done on the various OpenJDK mailing lists.
There are some changes that we can't provide advance notice about, and my hope is to keep that to a minimum. For other changes, not only are we posting about them here, I am actually going out into other projects and not only telling them, but (as appropriate) making contributions. See https://issues.apache.org/bugzilla/show_bug.cgi?id=55542 for an example.
Oracle Programs
The Java Compatibility and Performance Program is dead, according to my Oracle account manager. Access to an analogous program for CPUs is tightly controlled (even within Oracle) due to the risk of vulnerabilities being reverse-engineered. (I am not a member and do not plan to pursue it further.) OpenJDK is Oracle's preferred method of compatibility testing, even though it is known not to be bit-for-bit identical to what will be in the next CPU.
Oracle also refers us to the Security Track at JavaOne 2013, in particular the "One Year of Security Enhancements in the JRE" talk, whose slides are available online. Those slides, in turn, say that the blog mentioned above will give "as much advanced notice as possible".
这篇关于我怎样才能提前访问 Oracle Java 更新,以便在这些更新公开时测试我的 RIA 并避免防火练习?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
