Corporate Training
News/Tech News

Eclipse Adoptium: A 2022 Retrospective and a Look Towards the Future

Published on march 9, 2023

The Adoptium Working Group has released its Eclipse Adoptium: 2022 in Review and 2023 Roadmap document, which looks back on what they accomplished in 2022 and what developers can expect in 2023. Eclipse Adoptium provides Eclipse Temurin JDK and JRE binaries and introduced the Adoptium Marketplace for third parties in 2022. Last year, Adoptium produced 166 releases, each of which was verified by thousands of tests.

AdoptOpenJDK was introduced in 2017 and joined the Eclipse Foundation in 2020. First Temurin JDK builds were released in 2021 and support Linux, Windows, macOS, AIX, Solaris, ARM, x64, x86, and aarch64 architectures.

Adoptium Quality Assurance (AQAVit), an open source test suite, was enhanced last year with new tests, new test pipelines with remote triggers, and Jenkins auto-rerun. Java Test Compatibility Kit (TCK) is a set of tools and documentation designed to verify whether a Java implementation is in compliance with the Java specification. The Adoptium Marketplace was introduced in 2022, which offers runtimes verified by TCK and AQAVit from organizations such as Red Hat, Microsoft, Azul, IBM, Huawei, and Alibaba Cloud. Previously, AdoptOpenJDK provided binaries for other projects such as Eclipse OpenJ9.

Google and Rivos have joined founding members Alibaba Cloud, Microsoft, Red Hat, Azul Systems, Huawei and Karakun as Strategic Members of the Adoptium Working Group. Adoptium’s solutions are viewed as being critical to the future of these organizations. Members may be members of the steering committee or other subcommittees, such as marketing, branding, quality assurance, or infrastructure. Their combined efforts ensure that Adoptium Temurin continues to be a secure, trusted, and high quality distribution for organizations and developers that is available for free and supported for years to come.

A Secure Software Development Framework (SSDF) is a set of practices for establishing secure software development processes. The publication is published by the Department of Commerce’s Computer Security Resource Center, an agency of the National Institute of Standards and Technology. Eclipse Adoptium already utilizes the OWASP CycloneDX Bill of Materials (BOM) standard, which reduces supply chain risk. For Temurin builds, the Software Bill of Materials (SBOM) is produced as a JSON file. In order to discuss future improvements to the SBOM, there is still an open GitHub issue. Adoptium has begun developing reproducible builds, which are binary identical and may be built by third parties. Adoptium has verified that the binaries were built correctly and that the build and distribution process has not been compromised. Besides the existing SHA checksums, GPG signatures were introduced for each build, which can be used to verify that the artifacts have not been modified after Jenkins has built them. On GitHub, two-factor authentication and two-person reviews have now been enabled for all critical repositories.

The Supply Chain Levels for Software Artifacts (SLSA) is a security framework that includes a check-list of standards and controls designed to improve the integrity of software artifacts. Eclipse Temurin has achieved SLSA level 2 compliance, which indicates that the project has started to prevent software tampering and added minimal build integrity measures. In total, there are four levels, with the fourth level ensuring the highest level of build integrity and ensuring that measures for dependency management are in place.

With fewer than a hundred people currently working on the projects, which have millions of downloads per week and thousands of users on Slack, the focus is on growth in 2023. There are plans for more community involvement by Eclipse Adoptium, especially to collect feedback via the Slack channel, for example. It is also intended to encourage users of open source solutions to consider Eclipse Adoptium, which will hopefully lead to the use of other Adoptium projects as well. In addition, they intend to increase collaboration with other Eclipse projects in order to expand the Adoptium community and receive more feedback. In addition, this should lead to greater support from the community in order to improve infrastructure components, such as the automation of AQAvit.

There is a Temurin binaries section on the Adoptium website, along with Marketplace binaries for a variety of other projects, and their documentation provides more information.

Tech News

Windows Forms Binding Improvements in .NET 7 for MVVM Support img

Windows Forms Binding Improvements in .NET 7 for MVVM Support

Command binding preview features are included in the .NET 7 framework in order to modernize Windows Forms applications…

MicroStream becomes a member of the Eclipse Foundation img

MicroStream becomes a member of the Eclipse Foundation

A Java object-graph persistence framework, MicroStream, has announced its participation in the Eclipse…

Our Latest Blog

Mastering Full Stack Python Development with Django A Comprehensive Guide
June 8, 2023By

Mastering Full Stack Python Development with Django: A Comprehensive Guide

Python is a powerful programming language that has taken the world of web development by...
Read More
Mastering Machine Learning A Beginner's Guide to Python
June 7, 2023By

Mastering Machine Learning: A Beginner’s Guide to Python

Welcome to the world of machine learning! With the ever-increasing demand for artificial intelligence and...
Read More
Unlocking the Power of Data Science with Python A Beginner's Guide
June 6, 2023By

Unlocking the Power of Data Science with Python: A Beginner’s Guide

Data science has become an essential part of many industries today, and Python has become...
Read More

Follow Us

Resources

Presentations
Browse LSET presentations to understand interesting…

Explore Now


eBooks
Get complete guides to empower yourself academically…

Explore Now


Infographics
Learn about information technology and business…

Explore Now