
Java 9 has six weeks to live - md365
http://blog.joda.org/2018/02/java-9-has-six-weeks-to-live.html
======
paulddraper
> The new Java release train means that there will be a new release of Java
> every six months. And when the next release comes out, the previous release
> is obsolete.

> In practical terms it means that there are no more security updates from
> Oracle.

What?!? If I have Java 9, I have to upgrade _the day Java 10 is released_ to
be secure? I have to do major (i.e. feature breaking) upgrades to get security
updates?

How is this a sane policy, and how many people are going to be running
unpatched Java versions?

~~~
bitwize
Either patch it yourself, or pay Oracle for a support license.

~~~
tormeh
Sounds reasonable to me. People who expect free support on an open source
product mystify me.

~~~
paulddraper
https://wiki.ubuntu.com/LTS

https://jenkins.io/download/lts/

https://github.com/nodejs/Release

https://www.python.org/dev/peps/pep-0407/

------
therealmarv
Thanks. Stayed on Java 8 because I had some smaller problems with Java 9. Now
I'm happy I stayed with Java 8 (LTS).

~~~
md365
Ironically, some claim that Java 9 feels like home.

------
fulafel
What are the practical problems Java apps typically run into when upgrading?
Or is this more about not wanting to redeploy and test your app every 6
months?

~~~
needusername
I would say it depends; it's quite easy to unknowingly depend on non-standard
behavior that can break, like HashMap iteration order.

What often causes issues is that every release has a new byte code version and
the ecosystem relies heavily on byte code libraries so these will have to be
updated across the board (e.g. you use middleware that uses a framework that
uses a byte code library).

Things off the top of my head that can break with Java 9:

- new GC logging options and format

- rt.jar and tools.jar are gone

- new JDK layout

- CORBA, XML and Annotation classes no longer visible by default

- application class loader is no longer a URL class loader

- a different hack is required to munmap files

It's not too bad in general.

------
marcodave
On one hand, I'm pretty OK with this; it helps more with understanding that "hey,
you're several security patches behind!" rather than just hiding the
information in a build number. What's not really clear, at least from the
article: how will new APIs be rolled out with this faster release cycle?

~~~
dragonwriter
New APIs will be part of the every 6 months feature releases. Which means if
you aren't on the LTS, you need to stay up with _feature_ releases to get
_security_ updates after 6 months.

~~~
needusername
Also, old APIs can be removed as part of the every-6-months feature releases. In
theory an API can be deprecated in Java 10 and removed in Java 11.

------
princekolt
There will come a time when, just like Flash, it will simply be easier to
uninstall it and move on.

