Bad, mad and dangerous to know
Oracle’s Sun Java JDK packages are to be removed from the Ubuntu partner repositories and disabled on users systems after Larry Ellison ruled that the retiring the ‘Operating System Distributor License for Java, means Canonical no longer have permission to use it.
The change will affect Ubuntu 10.04 LTs, Ubuntu 10.10 and 11.04 users only. Those who have ‘sun-java-6? package installed on their system will see it removed via a future software update. It is not clear when this will be yet.
Canonical are saying that anyone requiring the software will need to switch to open-source alternatives. This can be found in the Ubuntu Software Centre or by manually installing the Java packages available through the Oracle web site.
OpenJDK, which until now has been the open-source alternatives to Java, will now become its official implementation. Oracle is using OpenJDK as the basis for their own future releases.
The problem is not Oracle trying to stick one to the Open Source movement. There are shedloads of security issues present in the version
of Java available through the Ubuntu partner repositories. Canonical just thinks that the security risk was so severe that it is easier to kill it off.
A security update for the Sun JDK browser plugin will disable the plugin on all machines. Ubuntu’s Marc Deslauriers wrote in a mail to the Ubuntu Security Mailing list that its actions will mitigate users’ risk from malicious websites exploiting the vulnerable version of the Sun JDK.