Slashdot Mirror


Oracle Removes Java Signatures, Breaking Webstart

sproketboy writes "It seems Oracle has decided in their infinite wisdom to remove digital signatures from the Java projects that they put into the open source community. Of course this breaks any application out there depending on Java Webstart using these libs. Looks like Java3D and JAI are currently affected — probably other APIs are as well. Oh Oracle! What are we supposed to do with you?"

  1. Oracle only said they'd keep it open source by Chrisq · Score: 5, Insightful

    Oracle only said they'd keep it open source. They never said they'd let you use it.

  2. Security risk...sure. by Anonymous Coward · Score: 4, Insightful

    from FTA:

    It's been several years since Oracle (previously Sun) stopped providing support for the open source Java3D projects. It was decided that keeping binaries signed with old Sun signing certificates represented a potential security risk, and because of this, we have removed the old Sun signing certificates for the binaries on download.java.net.

    Cause you know...that makes sense.

  3. It's Their Culture by WrongSizeGlass · Score: 4, Insightful

    Oracle is used to dealing with very large corporations. Now that they have their hands on Java, which directly affects many users, web hosts (large and small), etc, etc they just don't know how to handle things. Forcing major changes onto companies that Oracle has by the implementation & licensing balls is one thing, but trying to force major changes onto the real world will only lead to a backlash and the adoption of alternatives to Java.

    It will take a little time to untrench Java, but the intertubes won't stand for this type of reckless and disrespectful behavior. A change is a commin'.

    1. Re:It's Their Culture by ultranova · Score: 4, Insightful

      Forcing major changes onto companies that Oracle has by the implementation & licensing balls is one thing, but trying to force major changes onto the real world will only lead to a backlash and the adoption of alternatives to Java.

      Are there alternatives to Java? Mandatory bounds checking, garbage collection and all that implies, and inability to break type safety combined with good execution speed are not easy to implement, especially in a multi-platform way.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  4. Re:Die! by TheRaven64 · Score: 3, Insightful

    Sure, just like how all of the crap programmers left the industry when COBOL and VB6 went out of fashion...

    --
    I am TheRaven on Soylent News

  5. Re:Die! by ByOhTek · Score: 5, Insightful

    There are plenty of good Java programmers. Yes, there are more crap Java programmers. But I can't think of any language for which that ISN'T true.

    --
    Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).

  6. Re:Shot themselves in the foot by headLITE · Score: 5, Insightful

    If you have an HR webstart app that loads libraries from random servers on the internet, you probably deserve what you get...

  7. Serves'em right by Meneth · Score: 5, Insightful

    Serves JavaWebStart coders right for relying on third-party, online systems.

    In that vein, one can consider what would happen if Google suddenly stopped hosting jQuery: about half of the JavaScript-using websites in the world would stop working. :)

  8. Re:FORK IT! by mswhippingboy · Score: 3, Insightful

    Right. Then just wait for the patent infringement suits to start rolling in. You can probably safely fork the language as long as you don't try to run the resulting binaries in a VM of any kind.

    --
    Sometimes the light at the end of the tunnel is the headlight of an oncoming train.

  9. Problem exaggerated by prionic6 · Score: 4, Insightful

    I don't like Oracle either. But if you are writing a webstartable application, you probably have the infrastructure to sign your own jars. So you could sign the Java3D jars yourself and distribute them together with your application. Depending on availability of something like http://download.java.net/media/java3d/webstart/release/j3d/1.5.2/windows-i586/j3dcore-d3d_dll.jar - signed or not - isn't really advisable anyway.

    1. Re:Problem exaggerated by Anonymous Coward · Score: 4, Insightful

      Yea I don't see the big issue. I always thought it is VERY bad practice to depend on external links to libraries, especially if you're already providing some libraries yourself (e.g. your app). Who knows how long these links stay valid, it can lead to inconsistencies and so on. If they're not under your control, you shouldn't have any expectations.

      If this breaks things for you, you did something wrong to begin with.

  10. Re:destroying open source by Bill_the_Engineer · Score: 3, Insightful

    Miguel De Icaza has provided a very interesting insight into the case.

    A proponent of Mono/C# has damning insight on Java... Color me shocked.

    --
    These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...

  11. Webstart download these libs from where? by Anonymous Coward · Score: 3, Insightful

    To blame is the infinite wisdom of developers that decide to reference libraries from Oracle servers. They could instead sign all the libraries themselves and put them on their own download servers. That has the added benefit that Webstart doesn't need to rely on dozens of third-party download hosts to be up and running, but only your own host must be up.
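
Added example, not part of the thread or of any commenter's post: comments 9 and 11 recommend signing the libraries yourself and serving them from your own host. This Python sketch audits a JNLP descriptor for resources hosted off its own codebase and checks whether a JAR still carries signature entries; the descriptor, the host apps.example.test and the helper names are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
import zipfile
from urllib.parse import urljoin, urlparse

# Constructed sample descriptor; apps.example.test is a placeholder host.
SAMPLE_JNLP = """<jnlp spec="1.0+" codebase="https://apps.example.test/hr/" href="hr.jnlp">
  <resources>
    <jar href="lib/hr-app.jar" main="true"/>
    <jar href="lib/j3dcore.jar"/>
    <nativelib href="http://download.java.net/media/java3d/webstart/release/j3d/1.5.2/windows-i586/j3dcore-d3d_dll.jar"/>
  </resources>
</jnlp>"""

def external_resources(jnlp_text):
    """Return resolved URLs of jar/nativelib/extension entries hosted off the codebase host."""
    root = ET.fromstring(jnlp_text)
    codebase = root.get("codebase", "")
    own_host = urlparse(codebase).hostname
    found = []
    for el in root.iter():
        if el.tag in ("jar", "nativelib", "extension") and el.get("href"):
            url = urljoin(codebase, el.get("href"))  # relative hrefs resolve against codebase
            if urlparse(url).hostname != own_host:
                found.append(url)
    return found

def has_signature_entries(jar_bytes):
    """True if the JAR holds a .SF file plus a signature block (.RSA/.DSA/.EC) under META-INF.
    Presence only: cryptographic verification is still jarsigner's job."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        names = [n.upper() for n in zf.namelist() if n.upper().startswith("META-INF/")]
    has_sf = any(n.endswith(".SF") for n in names)
    has_block = any(n.endswith((".RSA", ".DSA", ".EC")) for n in names)
    return has_sf and has_block

def make_jar(entries):
    """Build a tiny in-memory JAR (constructed test data, not a real library)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    for url in external_resources(SAMPLE_JNLP):
        print("third-party hosted:", url)
    stripped = make_jar({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n", "A.class": b""})
    print("signature entries present:", has_signature_entries(stripped))
```

An entry flagged by `external_resources` is a candidate for re-signing with your own certificate and re-hosting; `jarsigner -verify` remains the authoritative check of the signature itself.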