

Oracle doesn't want to deal with easy-to-fix Java vulnerability till Feb 13 - ari_elle
http://seclists.org/fulldisclosure/2012/Oct/155

======
infinii
Author doesn't seem to have any clue as to how software gets delivered. Oracle
obviously needs to perform regression testing. The fact that this bug affects
multiple versions, means the testing effort is enormous.

Author seems ignorant to think it's a matter of editing the fix and doing a
build. BTW, Integration tests != regression tests.

I see nothing wrong with Oracle's decision. You have to release something at
some point. There will always be 'one more bug/feature' in the wings, and if
you let the author have his way, nothing would ever get delivered.

