Re: Debian distributions of stable OpenJDK updates

From Matthias Klose <doko@debian.org>
Newsgroups linux.debian.maint.java
Subject Re: Debian distributions of stable OpenJDK updates
Date 2019-05-26 22:00 +0200
Message-ID <y27tf-40Z-3@gated-at.bofh.it> (permalink)
References (4 earlier) <xZQdc-WR-5@gated-at.bofh.it> <xZQdc-WR-3@gated-at.bofh.it> <y0qTo-6RG-3@gated-at.bofh.it> <y0qTn-6RG-1@gated-at.bofh.it> <y0wFs-20z-1@gated-at.bofh.it>
Organization linux.* mail to news gateway


On 22.05.19 12:24, Emmanuel Bourg wrote:
> On 22/05/2019 at 06:17, tony mancill wrote:
> 
>> For stable backports and buster, I agree that we should upload an
>> 11.0.3-ga package, particularly given the vulnerabilities still present
>> in 11.0.3+1: CVE-2019-2698, CVE-2019-2684, and CVE-2019-2602
> 
> I've uploaded 11.0.3+1 with a patch bringing it up to 11.0.3+7 to
> stretch-backports yesterday, it's still pending validation.
> 
> 
>> It would be nice to do the same for buster, although now that 11.0.4+x
>> has been introduced to unstable, I believe we'll have to be creative
>> with the naming, either by introducing an epoch or using the
>> "11.0.4+1_really11.0.3-ga" trick.
> 
> I think we should leave 11.0.4 in unstable until the GA release in July
> and upload 11.0.3+7-4 directly to testing through
> testing-proposed-updates. I'm volunteering to deal with this upload if
> Matthias agrees.

Well, I disagree ;) The Debian security team has the policy to take any OpenJDK
update and backport that to the stable release. From my point of view, the Debian
release team is playing games with both the security team and the OpenJDK
packagers to force something else, although it's unknown to me what they really
want to achieve, if further backports land in stable-security anyway.

>> In general, I think it would be helpful for our users if we uploaded the
>> prereleases to experimental but stuck to GA releases for unstable,
>> testing, and backports.  I think it is easy to mistake, for example, an
>> 11.0.3+x (prerelease) version in Debian with the 11.0.3 GA release being
>> distributed by other projects.

I would like to avoid experimental, because it really doesn't get much testing.
See the openjdk-11 updates as a stable release branch, and it's worth checking
these out early, because upstream doesn't test most Debian architectures.

> It looks like upstream is going to append a -ea suffix to the version
> reported by the pre-releases [1]. This is a welcome clarification and we
> should ensure our builds do it as well.

No, at least not for the recent release:
https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html

Matthias
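
An added example, not part of the original message or of Debian's own tooling: a small Python re-implementation of dpkg's version ordering, showing why the thread considers an epoch or a "really" name to get the GA-level security fix installed over the 11.0.4 prerelease. The version strings are constructed, and the `+really` spelling is assumed because `_` is not a legal character in a Debian version.

```python
import re

def _order(c):
    """dpkg sort weight of one non-digit character ('' means end of string)."""
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character using _order().
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        # Digit run: compare numerically; an empty run counts as 0.
        da, db = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def parse(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, colon, rest = version.partition(":")
    if not colon:
        epoch, rest = "0", version
    upstream, dash, revision = rest.rpartition("-")
    if not dash:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare(a, b):
    """Return -1, 0 or 1 as a sorts before, equal to, or after b."""
    (ea, ua, ra), (eb, ub, rb) = parse(a), parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def upgradable(installed, candidates):
    """Candidates the package manager would treat as newer than installed."""
    return [c for c in candidates if compare(c, installed) > 0]

# Constructed version strings modelled on the thread (not real uploads).
INSTALLED = "11.0.4+1-1"                      # prerelease already in the suite
CANDIDATES = ["11.0.3+7-4",                   # plain GA-level build: sorts lower
              "1:11.0.3+7-4",                 # same build behind an epoch
              "11.0.4+1+really11.0.3+7-1"]    # "+really" naming
```

`upgradable(INSTALLED, CANDIDATES)` drops the plain `11.0.3+7-4` build, so a host already on the prerelease would never receive it as an upgrade.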
