You are. The community asked for those changes, but some don't understand them and are confused because they apply old terms to new concepts.
First, Oracle has completely open sourced the JDK, for the first time ever. Instead of a JDK with a complex license, mixing both free and commercial features and containing field-of-use restrictions, Oracle now provides the JDK under a 100% free and open source license, or under a commercial license for those who wish to purchase a support subscription (and fund the development of OpenJDK).
Second, there are no longer major releases, and the new feature releases are similar to the old six-monthly "limited update". JDK 10, 11 and 12 are roughly the same size as 7u2 and 7u4, which also didn't get free security patches after six months. What's changed is the name given to those releases, and to make the updates cheaper and easier, they have been made more gradual, by allowing spec changes in feature releases. Not only do you get security fixes for free forever, but there are no more major upgrades.
So the main point of confusion is that some confuse the new feature releases with the old major releases, when, in fact, they are much closer to the old "limited update" releases. People see a new version number, see that that number is not freely supported beyond six months and panic, when, in fact, the old releases that were similar to the new feature releases were also not supported beyond six months. They themselves were considered "updates" to some major release, but major releases no longer exist, and the "updates" now get a new version number. See here [1] for a more complete explanation.
In addition, there's another new model, that allows organizations that for some reason need a much less gradual upgrade process than the new one -- and even less gradual than the old one -- and that is something that Oracle charges for. But because the JDK is now completely open source, other OpenJDK members have committed to backporting the fixes to provided a similar step-wise upgrade path for free.
(I work on OpenJDK at Oracle, but speak only for myself)
I think the changes are reasonable, but the lack of historic support and the timeline of the changes are not.
Java is deeply engrained in much of enterprise software, which is slow and difficult to change. The licensing change was not given with nearly enough heads up for companies to properly assess their options and migrate to OpenJDK if they choose. From a user perspective, where it’s known that switching JDKs and updating major versions is often not a straightforward task, it sure does seem like this was carefully planned to make it too difficult to move off the JDK that just got a lot more expensive to use.
My company is dropping Oracle JDK entirely and moving to Open JDK, and over time transitioning off of java wherever possible directly due of this change. We are not a small company. It took several months just to figure out the scope of how widely the JDK was in use, we had to cut Oracle a hell of a cheque to avoid licensing issues, and we aren’t doing it again. We have a dedicated team assembled to move off of Oracle JDK now.
The general consensus of the Java leaders in our company is that this is a last ditch effort money grab by Oracle to leech money from Java, which was feared from the day that Sun was acquired.
> The licensing change was not given with nearly enough heads up for companies to properly assess their options and migrate to OpenJDK if they choose.
I don't know what enough would be. This has been discussed and explained for at least a year.
> it sure does seem like this was carefully planned to make it too difficult to move off the JDK that just got a lot more expensive to use.
What? The change was that as of JDK 11, Oracle JDK and OpenJDK are the same software[1]. The same software that used to contain both free and commercial features, and that had field of use restriction is now 100% free and 100% open. If this is making it harder, I don't know what making it easier would be. If free is more expensive, I don't know what less expensive is.
> My company is dropping Oracle JDK entirely and moving to Open JDK, and over time transitioning off of java wherever possible directly due of this change.
Good, because that's what Oracle has been asking you to do[2]. Oracle JDK is now the name given to the same software sold with a commercial support subscription. If you don't want to buy support, don't use the package that includes it.
> The general consensus of the Java leaders in our company is that this is a last ditch effort money grab by Oracle to leech money from Java, which was feared from the day that Sun was acquired.
I am a bit concerned that the Java leaders in your company think that a money grab is taking a commerical offering and making it free. Oracle has now made the JDK 100% open source and free for the first time ever. To fund its development, it is also selling support for those who want it.
you will have to forgive thanatos_dem, they most likely work somewhere similar to my last job..gigantic org..you can tell them 100 times the asteroid is coming, but they ignore it until almost impact. They also have a very entitled idea of software, where in my situation we used tons of IBM software for years and were pissed off when IBM came looking for their money.. WHO WOULD HAVE THOUGHT? our leaders even so called them thieves (funny since we were essentially stealing their software for years knowing full well it costs $$). Years later? nope not migrated away from the IBM stuff, who knew it takes tons of work when you ingrain in any tech for that long, and ya. a staff that needs training on the new direction etc etc.
I say good for oracle looking to want compensation for support. And thanks to oracle for keeping it open source.. and well..your comments on the matter actually feel clearer than some of the information put out by oracle themselves hehe..
> Java is deeply engrained in much of enterprise software, which is slow and difficult to change.
Indeed.
I work on enterprise software, and we have to provide Java components for companies that require it. None of our customers want or can use anything past Java 8, and we have no plans on supporting anything past Java 8 until someone squeals.
Which is a bummer because JDK 9 added some nice convenience functions to the standard library. Like "transferTo" to avoid using like 6 utility functions just to move bytes around. It's stuff like this that will compile on JDK9 but won't run on JDK8 because the stdlib method isn't there that you kind of have to watch out for when deploying stuff on a machine that might be running an old JDK. But in general my engineering philosophy is it's usually worth it to keep things up to date, even if it's just because it makes the engineers happier.
InputStream in = Main.class.getClassLoader().getResourceAsStream(filename);
try {
OutputStream out = new FileOutputStream(file);
in.transferTo(out); // new in jdk 9!
out.close();
} finally {
in.close();
}
I understand your point. But realistically, if none of our customers want or can use anything beyond 8, the safest thing for us to to is to avoid upgrading our dev environment beyond 8. That way, nobody could accidentally use incompatible features.
Personally, though, I really dislike Java regardless of the version being used. I'm hoping that some day I'll be able to foist this aspect of my job off on someone else -- then I won't have to worry about it!
Just one data point: our IT has now blocked the whole java.com domain. Oracle Java is now primarily seen as an infection you get through the Java Updater. Yes, I know of OpenJDK and I'm currently in the process of migrating machines to it, but I can assure you the damage to Java is very real.
OpenJDK is the name of the JDK developed primarily by Oracle.
java.com is the website for "consumer-side" Java -- i.e. the desktop JRE. The JRE and "consumer Java" no longer exist (as they've been replaced by jlink), and so the website is out of date and largely irrelevant. I hope someone soon figures out what other use to put it to.
You might not like it, but java.com/download is still the first result when searching for Java.
I am aware what OpenJDK is and who develops it, and I can handle the changes to our systems just fine, but I'm an engineer, not a manager. I can assure you that the confusion around Java is very real, as well as IT departments worrying about machines updating to a Java version requiring a commercial license.
I don't think that the desktop JRE's autoupdater can automatically update to versions (of the old JDK 8) that now require a commercial license, but I'm not sure. I'll ask. But I understand and agree that communication/websites can and should be clearer/easier to find.
EDIT:
I asked about the JRE autoupdater, and got this answer:
Before update, it will offer to change the license to personal use (or to get a commercial one) or remove the software. It will default to remove. You can also choose not to upgrade and not to remove and keep using an out-of-date version. And if you accidentally remove, you can still get the old free versions from the Java archives.
This is the core piece of crucial information in all this, and I haven't found it anywhere else.
We have Java installed. As far as I know, we never told the installer if our use was planned to be commercial or personal. But in a few days, personal-use-installations will get a free update and commercial-use-installations will...
A) not get updates, through the updater using heuristics and mind-reading to divine that the installation is not personal?
B) get the update and thus be expensively out of compliance with the license?
C) have the updater present the problem to the end user and expect them to carefully consider the legal situation?
I think many people have assumed that the answer is B and are currently busy uninstalling Java everywhere, but if I understand you right the answer is actually C?
Is there more information on this anywhere? Most importantly, what is the correct official way to tell the updater ahead of time to keep the old version and never update? (We have a legacy application that uses applets.)
The answer is C.
I got prompted with a Java update and just went ahead with it, without much consideration; I mean, it's just a Java update, I don't even use Java for anything on this machine but w/e. This morning I got a panicked email from our IT, sent to a significant portion of the company about the fact that we now run a commercially-licensed version.
There is no longer a parasitic Java installation on my computer.
> I asked about the JRE autoupdater, and got this answer:
Thank you for asking! It all depends on the warning that is displayed, of course. I still think that our IT has a good point in blocking the update completely.
Dude java.com has been irrelevant for as long as Java Applets have been on the way out - approximately 15 years.
There are reasons not to use Java (such as it being legacy tech and the PITA that is using Spring and Maven when those are supposed to make life easier), but historic Java Applet vulnerabilities aren't one of them.
Dude, this is not about applets. This is about the Java Updater possibly updating to a version requiring a commercial license. It may be that the updater does not do this by default, but I've not yet seen any official statement about this.
One of the primary drivers for JDK support is security. As far as I can tell, Oracle remains the only member of the OpenJDK community participating in the vulnerability pre-disclosure process. They are also not releasing source for JDKs after 6 months. Therefore, users of non-Oracle supported JDKs will be exposed to a zero day attack between the time of Oracle's CVE disclosure/patch release and the time that their OpenJDK distribution creates, tests, and releases a patch. I would love to see these communities thrive, but the reality is that Oracle is strangling them in the crib by taking control of the most important support functions.
> Oracle remains the only member of the OpenJDK community participating in the vulnerability pre-disclosure process.
I don't know if that's true. I know the vulnerability group [1] has members outside Oracle [2], but I know next to nothing about that process. I'm told that nobody gets any advantage on security issues.
> They are also not releasing source for JDKs after 6 months.
What do you mean "after 6 months"? There are no longer major versions. Comparing the update schedule for 7 (a major release) and for 11 (a feature release) makes no sense. JDK 11 is more similar to 7u2 or 7u4, which also got security patches for only six months.
All fixes go into the OpenJDK mainline. What Oracle engineers won't be doing much of is backporting the fixes to old versions, which, again, aren't major versions. They won't be backporting much to 8 (which is a major release) now that it's five-years-old, either, but that's the same as under the old model.
> Therefore, users of non-Oracle supported JDKs will be exposed to a zero day attack between the time of Oracle's CVE disclosure/patch release and the time that their OpenJDK distribution creates, tests, and releases a patch. I would love to see these communities thrive, but the reality is that Oracle is strangling them in the crib by taking control of the most important support functions.
You're talking about users who choose one of the two new release models, and pick the one that's been designed as a paid service. If you're concerned about that, you can pick the other new model, which is not only free but easier overall.
Question about this then: one of the assertions I got from the article is that it is no longer permitted to run a server process with Oracle's OpenJDK build without paying for a license. In your opinion (recognizing that you don't speak for Oracle) is this correct?
Absolutely not. All OpenJDK builds, packaged by Oracle or anyone else, are released under the same open source license, that of OpenJDK itself. It has no term limits and no field-of-use restrictions.
So, as you understand it, a business that runs Jenkins on an OpenJDK build without a commercial (paid) license from Oracle isn't breaking any license terms?
The message from the Java updater applet wasn't exactly clear about this. I hate being cynical, but I feel like that was probably by design. I was under the impression that any commercial use of Java, JDK, or JRE required a paid license.
Oh, wait. The Java updater does not install an OpenJDK build. Why are you using the Java updater to deploy server applications? Oracle's free OpenJDK builds are here: http://jdk.java.net/
Anyway, the fact that you're using the updater means you're on Java 8. The five-year-old JDK 8 is past its free updates for commercial use. If you must keep using 8 (and continue getting updates) for commercial uses, you must either: buy support from Oracle (same as before for JDK 7 past its end of free updates), buy support from someone else, get OpenJDK builds from other organizations (like AdoptOpenJDK), or continue using an out-of-date version.
This has always been the case with old JDKs, except now you have a few more options than before. The best option is, of course, to upgrade to the current JDK (12), and keep getting free updates forever.
The recommended deployment model for Java now is to bundle the runtime with the application. The "desktop/consumer" JRE is gone in newer versions. Ask whoever it is that produces the Java software you're using to bundle the runtime with it. People who don't develop Java shouldn't concern themselves with Java runtime installations and licenses.
> Oracle now provides the JDK under a 100% free and open source license
Such altruism; Can they do this for the TCK? Why not? Maybe all of Graal then? That seems to be where many of the dev efforts went after some staff for those now-free, previously-closed components were either repurposed or let go. I don't mind a company trying to make money (granted, not a fan of doing it on the language itself), but we shouldn't pretend they are selfless by treating actions that other languages had long since done as special.
You think that large open source projects developed by hundreds of full-time engineers are meant to be altruistic? Spending ~$100M a year (that's my estimate; I don't have numbers) is not meant as a charitable contribution, and if it were, I'd rather companies contribute this kind of money to worthier causes than software.
> Can they do this for the TCK?
The TCK is provided free of charge to people who produce OpenJDK builds. It is not provided free of charge to people who produce non-OpenJDK JDKs.
> Why not?
Perhaps because this is still seen as another channel to fund all those hundreds of full-time developers who make this open source software. All open source projects of this magnitude -- Chrome, .NET, Android, Swift -- are also funded by various income channels. I don't think any one of those, including OpenJDK, is open for selfless purposes. That's just not how "Big Open Source" generally works. But it is a fact that Oracle open sourced the entire JDK, and many people think that's a very good thing.
There are differences which are worth noting. Any system shouldn't be considered open if test cases are held in secret (even if they are just implementation test cases). Opening the entire language and runtime is considered the norm these days, not especially laudable.
First, I didn't say it was laudable, just that it's a fact. Second, is it the norm? Neither Cocoa nor .NET are fully open source AFAIK. Finally, the TCK tests aren't held in secret; they are licensed for free, but are just not open source (yet?). There are plenty of tests in OpenJDK, though: http://hg.openjdk.java.net/jdk/jdk/file/805584336738/test
The goal might be forced evolution. A few years ago no startups wanted to touch Java, and the ecosystem was lagging. The rapid release cycle is bringing much needed improvements
