Patch cycle for openjdk
My team is required to adhere to strict patching policies, so we have two questions regarding patch release expectations:
1. Going through the patch release history I noticed that for Java7u71 there was a 9 day delay between Oracle releasing their patch and the OpenJDK package being updated. 1-3 days seems ok but 9 days is a bit scary. Is there any kind of SLA or expected delay for package release?
2. Is there any scenario where Oracle releases a java security patch and Canonical has no expectation of releasing a patched package within a few days? For example, Oracle's policy is to release quarterly updates, and Canonical mostly follows this. If Oracle releases an out of band security patch, will Canonical pick this up within a few days or wait for the next quarterly release?
Fundamentally I want to confirm that, by depending on this version of OpenJDK, my team doesn't get in a situation where we fall out of patch compliance because an updated package is not released within a reasonable timeframe.
Thanks,
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Ubuntu openjdk-7 Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask Matt Bearup for more information if necessary.