Shadow over Fedora 34 as maintainer of Java packages quits with some choice words for Red Hat and Eclipse

But hey, the release looks OK

Updated Fedora 34, a feature-packed new release of Red Hat's leading edge Linux distribution, was released today, though the main Java package maintainer has quit, urging "affected maintainers to drop dependencies on Java."

Fedora 34 is used by Red Hat to try out new features that are likely to end up in first CentOS Stream and then Red Hat Enterprise Linux (RHEL), the commercial offering.

What is new in Fedora 34? The full list of changes is here and includes:

  • btrfs (B-tree file system), which has been the default for Fedora Workstation since Fedora 33, will now have transparent zstd (Zstandard) compression
  • For audio, PipeWire will be used instead of PulseAudio and JACK - Systemd-oomd, which aims to mitigate out of memory conditions, will be on by default
  • The LLVM toolchain is updated to version 12 with all its sub-projects - The Ruby language is updated from 2.7 to 3.0, and the Ruby on Rails framework to 6.1
  • Wayland will be used by default for KDE editions of Fedora (it is already the default for GNOME)
  • The desktop is GNOME 40, described by Fedora project leader Matthew Miller as "the first time since GNOME 3.0 came out that there's a real rethinking of the basic desktop experience."

Of these, the introduction of GNOME 40 will be the most visible to users, and the switch to PipeWire should improve audio handling significantly.

Fedora program manager Ben Cotton revealed yesterday that Release Candidate (RC) 1.2 was approved for final release today – though the speed of the approval, with just five hours between the completion of the RC and the meeting to approve it, has caused concern. Cotton has said that he is "starting the conversation about how to prevent this in the future."

A revamped overview thanks to GNOME 40 in Fedora 34

A revamped overview thanks to GNOME 40 in Fedora 34

Spoiling the celebrations, Fedora's main Java package maintainer Fabio Valentini said yesterday: "I can no longer in good conscience be the primary maintainer of (most) Java packages in Fedora."

It is worse than that; in a post entitled "The Death of Java (packages)" he said "new versions and even security issues have been piling up for months," that "Java package maintainers from Red Hat have been exceptionally unhelpful, and have not substantially contributed to Java packages in Fedora in years," that the Eclipse Java-based IDE (the packages for which are maintained by someone else) is a "dumpster fire" and that "I see no way for the situation to improve."

Valentini decided to orphan "all Java packages I am the main admin of" adding that "since this is the majority of remaining Java software in Fedora … I expect a decent amount of dependent packages will be affected." His solution is to "urge affected maintainers to drop dependencies on Java, if at all possible."

Cup of Java bitter for many

Miller and Cotton thanked him for his efforts, while others indicated agreement that maintaining Java is particularly burdensome.

"This is a task that has burned out many people (including me)," said Aleksandar Kurtakov from the Red Hat Eclipse team; while Ankur Sinha from the neuro-sig group (neuroscience research) said "the neuro-sig reached a similar conclusion - that they're just too much work or just pretty much impossible to keep in Fedora. We've now accepted that documenting Java tools and asking users to install them directly from upstream is the most we can manage."

There is something alarmingly Windows-like in the way Fedora Workstation demands to be rebooted to install OS updates

There is something alarmingly Windows-like in the way Fedora Workstation demands to be rebooted to install OS updates

Java is of critical importance in RHEL thanks to its use for many enterprise applications, and it is the third most popular programming language according to a recent survey. Java will of course still run fine on Fedora but this is a warning flag for those relying on the supplied packages.

Leaving that aside, Fedora 34 worked smoothly and looked good in our first try with the new release.

Updated at 13.04 BST to add

Following publication of this article, Valentini got in touch to expand on his concerns, and explained to The Reg that: "What I refer to as 'Java packages' is only software written in Java – or another language targeting the JVM – but this does not include the OpenJDK packages. The OpenJDK packages themselves are well-maintained."

He also emphasised that while he has dropped maintaining the Java packages, he remains primary maintainer for some 245 other packages "that I'm happy to keep."

The key issue concerns packages such as LibreOffice and Eclipse that depend on Java software other than the JDK (Java Development Kit). In 2019 the original maintainer of Fedora Java packages orphaned them, believing that modularity, which lets maintainers bundle specific major versions of packages with an application, would make them unnecessary. This turned out to be wrong, thanks to "numerous technical issues," so the Java packages were revived and Valentini and others stepped up to help.

Valentini said they were in good shape for Fedora 33, but that in mid-2020 contributions dwindled and stopped, leaving him with an unmanageable burden. Some packages have now been taken over by others, but he still recommends not building packages that rely on Java as "it's a house of cards waiting to come down." Eclipse, he said, is "almost impossible to package" because it "uses its own build system (tycho), leading to a bootstrap problem," and is "really sensitive to minor changes in its dependency tree."

Similar topics

Broader topics

Other stories you might like

  • Experts: AI should be recognized as inventors in patent law
    Plus: Police release deepfake of murdered teen in cold case, and more

    In-brief Governments around the world should pass intellectual property laws that grant rights to AI systems, two academics at the University of New South Wales in Australia argued.

    Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe failing to recognize machines as inventors could have long-lasting impacts on economies and societies. 

    "If courts and governments decide that AI-made inventions cannot be patented, the implications could be huge," they wrote in a comment article published in Nature. "Funders and businesses would be less incentivized to pursue useful research using AI inventors when a return on their investment could be limited. Society could miss out on the development of worthwhile and life-saving inventions."

    Continue reading
  • Declassified and released: More secret files on US govt's emergency doomsday powers
    Nuke incoming? Quick break out the plans for rationing, censorship, property seizures, and more

    More papers describing the orders and messages the US President can issue in the event of apocalyptic crises, such as a devastating nuclear attack, have been declassified and released for all to see.

    These government files are part of a larger collection of records that discuss the nature, reach, and use of secret Presidential Emergency Action Documents: these are executive orders, announcements, and statements to Congress that are all ready to sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to give America's commander-in-chief immediate extraordinary powers to overcome extraordinary events.

    PEADs have never been declassified or revealed before. They remain hush-hush, and their exact details are not publicly known.

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading

Biting the hand that feeds IT © 1998–2022