the latter issues a warning on startup that this is deprecated and will not be supported in the future:
warning: no-jdk distributions that do not bundle a JDK are deprecated and will be removed in a future release
what are the plans of opensearch here?
- directly abandon the no-jdk distribution
- keep the no-jdk distribution but flag it as deprecated and kick it out with a future major release
- keep the no-jdk distribution fully supported
what is the update strategy for the bundled JDK? how fast will you update all still supported versions of opensearch with an updated JDK if one comes out (esp. if that contains security fixes)?
and which JDK do you plan to bundle, anyway? (with all the licensing implications, etc.)
having the no-jdk distribution has the advantage that we can roll our own docker image with our preferred base image (which is trusted, signed & security-reviewed and contains the latest JDK in the flavour we prefer). this allows us to have a very homogenous landscape in terms of JVMs running in our application stack (makes tracking bugs & security relevant things easier) and - typical big corporation - makes getting approvals from security & co. easier (i don’t have to onboard yet another JDK / JDK vendor).