Java apps ver 5,6,7 do not list subversions but ver 8 does?
Hey, I'm sure everyone is sick of Java related questions... However I wanted to ask why the ARL does not breakout the subversions on more of the Java applications, specifically 5,6,7 ? And then ver 8 seems to have the subversions listed? Curious what the reasoning is behind that...
P.S. I suppose we just trust the ARL, if it's labeled as "(Public)" and/or "Freeware"?
I expect the differences you see here are because of different license conditions that Oracle have applied to different subversions of Java components. Where different license conditions apply to different subversions, they will be broken out as separate applications in the ARL. You will also find applications in the ARL that aren't broken out by subversion - examples of reasons why these applications exact are because different license conditions don't apply to subversions, or to support recognition of raw evidence that inventory sources may provide that don't specifically identify subversions.
@matt_jones - If you look at the different version of Java in the ARL, you will notice that some of them are listed as "Freeware" and some of them are listed as "Commercial". When Oracle made the announcement on having to purchase support for Java, they did make a decision that older versions of Java would not need to be licensed. Instead of doing this on a nice even number, the version number cutoff was something similar to 8.0.2xx (not sure off the top of my head what the exact version number was).
To accomodate this rule, the ARL was changed so that for Version 8.xx of Java, we had the sub-versions at a low enough level to enforce this rule.
As another example, any version of Java that is 7.x is Freeware, so the ARL does not need to break out the sub-versions.
I hope this helps and makes sense.
Unfortunately, it would be much simpler if the ARL would break out the subversions in this case... because of Oracle's crazy licensing. Or if it was easier to see what subversions are included in the "Java Platform (Public) Standard" and "Java Platform Standard" applications. I understand why it's not needed for other applications in the ARL, because not many publishers license to the different subversions. (again I refer back to "Oracle's crazy licensing" statement... 😄) It would help satisfy many people at my organization to be able to see the subversions, instead of just trusting "some system" (FNMS). 😉
And just to clarify, there are subversions of 5, 6, 7 that are NOT freeware. As you can tell by the fact there are "(Public)" and Non-Public applications of each. I wouldn't want anyone else to read this and think they are in the clear...
Thanks again guys!
question why no subversions in ARL for Java 5 to 7: because of history. Flexera was first very poor on java, then has taken into account java 8 (and > 😎 subversions, then Flexera has taken into account old versions (5 to 7) but in a more simplified way at application level. Nevertheless if you want to look at subversion, they are all in the evidences, and you can create application you need for that (for exemple, java 7 update 80).
remark, is Oracle licensing crazy ? Of course, but more than crazy :
1) if you know that updates > 202 for 8 are commercial for example, all updates bellow 202 are not public ! you have to look after the build (java 8.0.2020.XXX), and for Java 8, when XXX > 30, software are restricted ! Flexera is working on this point, which is not currently covered in ARL (but easy to deal manually with evidences).
2) when you will face bundles that will include Oracle Java License, you will see Nirvana. Oracle does not communicate about all Oracle product bundles (for example, Java is included in solaris) and of course not about ISV bundles...