Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.maint.java > #11221

Re: Debian distributions of stable OpenJDK updates

Path csiph.com!aioe.org!bofh.it!news.nic.it!robomod
From Matthias Klose <doko@debian.org>
Newsgroups linux.debian.maint.java
Subject Re: Debian distributions of stable OpenJDK updates
Date Sun, 26 May 2019 22:00:01 +0200
Message-ID <y27tf-40Z-3@gated-at.bofh.it> (permalink)
References <xZNyG-7L7-5@gated-at.bofh.it> <xZNyG-7L7-3@gated-at.bofh.it> <xZPK9-xq-5@gated-at.bofh.it> <xZPK9-xq-3@gated-at.bofh.it> <xZQdc-WR-5@gated-at.bofh.it> <xZQdc-WR-3@gated-at.bofh.it> <y0qTo-6RG-3@gated-at.bofh.it> <y0qTn-6RG-1@gated-at.bofh.it> <y0wFs-20z-1@gated-at.bofh.it>
X-Original-To Emmanuel Bourg <ebourg@apache.org>, Aleksey Shipilev <shade@redhat.com>, debian-java@lists.debian.org
X-Mailbox-Line From debian-java-request@lists.debian.org Sun May 26 19:53:18 2019
Old-Return-Path <doko@debian.org>
X-Amavis-Spam-Status No, score=-7.68 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, LDO_WHITELIST=-5, MURPHY_DRUGS_REL8=0.02, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
X-Policyd-Weight using cached result; rate:hard: -3.5
Old-X-Envelope-From doko@debian.org
Openpgp preference=signencrypt
Autocrypt addr=doko@debian.org; prefer-encrypt=mutual; keydata= xsFNBFSG0WgBEADcWrLbnzkO07eqpkPsp0fRr2Tuhp+MABPwSS0msANqPiy9eWYGIXf2zHam Z77aKC+dykpnHn5ibvgOa70P5PBT+Ydk5EzI6Y98FvPQkuPFxkE29NK3Gn3DPHuAyfVpE0FM lMr9e10K+ZhY++nG4ZzHQUkg52iwlZ5twjpF0nwbtfHUMAPStCGC+orXnqcdmUq96r94+lZ2 Dsb2S67TM2umnqkzuIHlbhBXtnFiDtql+wW/Axqa6hGAVqks6OTX5NxGr+FTQ0UuptxhADZ2 S4cpftUROB7DgpDl3lGicvuOwW/UWJZMp0MwKJqu56Ajgu3IQM2oTTNmDLRP243gR5PxC1Yw VXhCG+juCO4Y1ous5fwCthiOE/3vOtF+GHRDVgikNKjv5MnsqbMJytAMIZS2uN07SPZKC4vX Vcw6KCBOBQhlrLTeffmPpnQzSUFwPJAySFFWjjpGLngglGM75zRa59PkVkPkeXKqz0O33xXm q6v3YNJNQgNVLAfn6rWmAckUly9mXmjAEvonrkR5impsyUGYPFHxb8TDhsGB6t9MHtMhr4pt wBMXv8aIWHfQndRvigfJC/xy7Su7qEaChuCjHEVVTuEEsnkKXOm7++VJsXG3wJBvqENu/9Lp uktBijnojbYrb0z+qgKt6jhBjUEy/iyfgQb4hwRX4jZ1T891dwARAQABzSBNYXR0aGlhcyBL bG9zZSA8ZG9rb0BkZWJpYW4ub3JnPsLBdwQTAQgAIQIbAwIeAQIXgAUCVIbUigULCQgHAwUV CgkICwUWAgMBAAAKCRC9fqpgd4+m9Rb7EADSQHuJpyADEuZxqlPMhJ/5WHM84Z+k4EQvnaqp czkKmZvtjCDn/8mhIAJ+oZdZer5VITkkUz/bX0ASV+2IDP6wWnZN5DGB9Ta1qFKfXRrVQVC1 bxtw5Rc+l7/dn9Jcz2v6uIzXUaybxRdEvsPrWYEM3WtRiiftm3J2HE7RzC4RplsSIUwSiT26 w5YbQo9im9rABkKdKw2+Y34YZv2QwCDcNqDfWqJQOu7DeN5PZ23V1nPRTcP907Y7OMkqzWOl Jl1Sj2q5g5fXha8c6+KQb52Yiki+7U9Z7pHiFCBEHWoDNMyNl4kUZM2Z5rwyFGAndtp+uHhY W9YIvuLxzvZPSWyEQIkG/k64rjx84SaQ04RuBBj3U1A1zMO/G4tI2rJ/+/TvV4Oa9iG37amI 7navLAtrXKkI1GFuNc/OUX6pezw7jypV3LB+6Z61tkYuwcNcz7NGAmHVuzVH5DI2udc1UogH 0yUO307IyhrmY1vM7Fohcg2fkwYba6PrqsyYhBowFmEk4j9kMuVIJplsEvKx0bIZY4xYgWQg UE1fvl3Fh4zWKzbopV0hMpcWvO0jxR4TG8vJkyZSyZtrRQiyYlIddJkk8HjD9MFSgO/cMQW6 x31A6eaQAhgNVChfv8KN8AZDbVoWvMz4RRwkl9Up8tinNWt2argz540M6DGz4JRHSScL0c7B TQRUhtFoARAAxRsii1f5GJEGnj2KR2Ct1zpIJCXta18v9/NhuVuSBygPYR2XCmVZTd3YivJN dnV5EFr8eQu+hgUxsq2OWAVFJSVb+WtLub0t3APSwTwo5Y+cZvupEwy31Btr9yRZlDns7MTW At1PFoG8iPwQwK6jbnPM+bap0t4o+/nd/7TWGBPgJNPVMxPoA+xCdMnZoiwDDsYsy8Mf6dZC ZfyKqrnDL9pe2hGBIvcY9HmuNP4wsgtPj9vCb01RK2Qd+wRDeePZ/k9sLwbfmeO9Ts8oCBoV Kd948zrQeIWnd2jiFpiROyUd0FeuNwO5CbSmV8HjBCZy8KSnBl/ruNlTIxnwTfpROCkchq8x 1mPQ1k+l+V/dzIGROAcgpNRKoPsciu0nXROgfgl7Fe2UPL7IfZ97UyoJicXlrhYF9jAc2pEQ apdTun88wIGDeLKE/pVl2XNq+PdN4AgFXIGuJZiP2BQdQ2/UU4NERSPzaf6kaDn3D8Q7sLqs cMa8cI7kHLr+fop5VYgubEi/Fv0W7F7YoeEARUMqAt37MpkJW7Mun4JxC/Rjju7JBD6U94Vi +Xqst2uTEp2gPc077CRUkQ2sN0oLzc6AyYCaD3NTFC0CcQA4vj7cMH5v61scpHu4gAMkTmZ/ 1Ys9LNT6lK51A/wJga9MMN3Uw3J48Oi9zv6woU19vlp7Z0EAEQEAAcLBXwQYAQgACQUCVIbR aAIbDAAKCRC9fqpgd4+m9Sj9D/0XNPuzW4p3qPZwwlA834fmMGTHlyxvmz5yCccJl20OM4qO dRtfSUCUfqjeQjUXePDYDfZb+Tys2A1Y0/kN+Y7nkv56WI5Ou1zkXwth3xcRtMar8DIpyfIf CZKy21ybD+GvJZOpRR/n3Gy1f4bnveEZHuitPIm1QPHEjJqHsUjZWhHKqe4J7yA50KYH9hNU N7FP5eE4WczpGrBmfX32zZkf5y0J4vX2YHyMJS4kV2h0fYbP7B3A4D0g7tTdXmmqCi7mgyVC J1iab+XeJ27VeNIOjmKByWiQllcjganhedN5Sh9hFoinjgjcfSmGv1zzgPM8A3hn9vVsOs/8 +ptDR8v7Zk/xIj/sX1SULWHA1m4Z0KvfgPVzFa5vEIYcPLNyhowm63ajrwaR+j/xSWjnKmST nNtaJnxEfFxjEFF6dhZ7cNaIZ2tQCjqMElhSe7JjmVHIxfGKbHJ4tyV9G6wSk++igbWWZNG9 3kZ/4mWpAlAzdStGACmErgfm+zlK3UgKzGWHsiwNB+OFdxmZVXnwCLdRkbvd4vT0PzBrjFOk c55kiQ/DTONVrsniWlttHvaYrlai6IbsUd2krqQcGJJeI4cnHX4pTDcZ2VLowJpDsfV05BV7 WthbUjKgI55iI3ZE5WATelv8dWV8zdLVlWjvYraTxtpSwdkle4wQNntkOdYAsw==
User-Agent Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version 1.0
Content-Type text/plain; charset=windows-1252
Content-Language en-US
Content-Transfer-Encoding 8bit
X-Mailing-List <debian-java@lists.debian.org> archive/latest/21749
List-ID <debian-java.lists.debian.org>
List-URL <https://lists.debian.org/debian-java/>
List-Archive https://lists.debian.org/msgid-search/02e4fd95-f593-aa65-0c32-af695f940edc@debian.org
Approved robomod@news.nic.it
Lines 45
Organization linux.* mail to news gateway
Sender robomod@news.nic.it
X-Original-Date Sun, 26 May 2019 21:52:55 +0200
X-Original-Message-ID <02e4fd95-f593-aa65-0c32-af695f940edc@debian.org>
X-Original-References <4471343c-9b11-c218-2cc4-771170fe0e84@redhat.com> <d7bd9794-cfa3-a766-659b-f90fa8b279d8@apache.org> <4312b8ae-a1e9-7780-d7f5-37a2a7ec768a@redhat.com> <67ac780f-42e1-26cc-a8ed-f26ba091a9a0@apache.org> <a7b71570-a04c-2c48-c1dd-6a0a7a18ab4c@redhat.com> <9998d96b-8745-772d-0dbb-6610d5922c05@apache.org> <9edec39c-abdd-3579-1670-ce261a299e80@redhat.com> <20190522041706.54bt4hbwgv3w6mfc@lark> <1a7e6ebb-5aac-2214-32cb-85981e69bb99@apache.org>
Xref csiph.com linux.debian.maint.java:11221

Show key headers only | View raw

On 22.05.19 12:24, Emmanuel Bourg wrote:
> Le 22/05/2019 à 06:17, tony mancill a écrit :
> 
>> For stable backports and buster, I agree that we should upload an
>> 11.0.3-ga package, particularly given the vulnerabilities still present
>> in 11.0.3+1: CVE-2019-2698, CVE-2019-2684, and CVE-2019-2602
> 
> I've uploaded 11.0.3+1 with a patch bringing it up to 11.0.3+7 to
> stretch-backports yesterday, it's still pending validation.
> 
> 
>> It would be nice to do the same for buster, although now that 11.0.4+x
>> has been introduced to unstable, I believe we'll have to be creative
>> with the naming, either by introducing an epoch or using the
>> "11.0.4+1_really11.0.3-ga" trick.
> 
> I think we should leave 11.0.4 in unstable until the GA release in July
> and upload 11.0.3+7-4 directly to testing through
> testing-proposed-updates. I'm volunteering to deal with this upload if
> Matthias agrees.

well, I disagree ;)  The Debian security team has the policy to take any OpenJDK
update and backport that to stable release.   From my point of view, the Debian
release team is playing games with both the security team, and the OpenJDK
packagers to force something else, although it's unknown to me what they really
want to achieve, if further backports land in stable-security anyway.

>> In general, I think it would be helpful for our users if we uploaded the
>> prereleases to experimental but stuck to GA releases for unstable,
>> testing, and backports.  I think it is easy to mistake, for example, an
>> 11.0.3+x (prerelease) version in Debian with the 11.0.3 GA release being
>> distributed by other projects.

I would like to avoid experimental, because it really doesn't get much testing.
 See the openjdk-11 updates as a stable release branch, and it's worth to check
these out early, because upstream doesn't test most Debian architectures.

> It looks like upstream is going to append a -ea suffix to the version
> reported by the pre-releases [1]. This is a welcome clarification and we
> should ensure our builds do it as well.

no, at least not for the recent release:
https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html

Matthias

Back to linux.debian.maint.java | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Re: Debian distributions of stable OpenJDK updates Emmanuel Bourg <ebourg@apache.org> - 2019-05-20 12:20 +0200
  Re: Debian distributions of stable OpenJDK updates Emmanuel Bourg <ebourg@apache.org> - 2019-05-20 14:40 +0200
    Re: Debian distributions of stable OpenJDK updates Emmanuel Bourg <ebourg@apache.org> - 2019-05-20 15:10 +0200
      Re: Debian distributions of stable OpenJDK updates tony mancill <tmancill@debian.org> - 2019-05-22 06:20 +0200
        Re: Debian distributions of stable OpenJDK updates Emmanuel Bourg <ebourg@apache.org> - 2019-05-22 12:30 +0200
          Re: Debian distributions of stable OpenJDK updates tony mancill <tmancill@debian.org> - 2019-05-22 16:40 +0200
          Re: Debian distributions of stable OpenJDK updates Matthias Klose <doko@debian.org> - 2019-05-26 22:00 +0200
            Re: Debian distributions of stable OpenJDK updates Emmanuel Bourg <ebourg@apache.org> - 2019-05-27 00:00 +0200
              Re: Debian distributions of stable OpenJDK updates Matthias Klose <doko@debian.org> - 2019-05-27 16:00 +0200
            Re: Debian distributions of stable OpenJDK updates Thorsten Glaser <t.glaser@tarent.de> - 2019-05-27 18:50 +0200
    Re: Debian distributions of stable OpenJDK updates Emmanuel Bourg <ebourg@apache.org> - 2019-05-23 18:00 +0200
      Re: Debian distributions of stable OpenJDK updates Martijn Verburg <martijnverburg@gmail.com> - 2019-05-23 19:10 +0200
        Re: Debian distributions of stable OpenJDK updates Emmanuel Bourg <ebourg@apache.org> - 2019-05-24 00:00 +0200
          Re: Debian distributions of stable OpenJDK updates Thorsten Glaser <t.glaser@tarent.de> - 2019-05-24 00:50 +0200
            Re: Debian distributions of stable OpenJDK updates tony mancill <tmancill@debian.org> - 2019-05-25 18:10 +0200
              Re: Debian distributions of stable OpenJDK updates Emmanuel Bourg <ebourg@apache.org> - 2019-05-27 17:10 +0200
              Re: Debian distributions of stable OpenJDK updates Thorsten Glaser <t.glaser@tarent.de> - 2019-05-27 18:40 +0200
                Re: Debian distributions of stable OpenJDK updates Emmanuel Bourg <ebourg@apache.org> - 2019-05-28 10:40 +0200
                Re: Debian distributions of stable OpenJDK updates Thorsten Glaser <t.glaser@tarent.de> - 2019-05-29 14:20 +0200
                Re: Debian distributions of stable OpenJDK updates Emmanuel Bourg <ebourg@apache.org> - 2019-05-30 00:10 +0200
          Re: Debian distributions of stable OpenJDK updates tony mancill <tmancill@debian.org> - 2019-05-24 15:50 +0200
            Re: Debian distributions of stable OpenJDK updates Martijn Verburg <martijnverburg@gmail.com> - 2019-05-24 20:30 +0200
              Re: Debian distributions of stable OpenJDK updates Matthias Klose <doko@debian.org> - 2019-05-26 21:50 +0200
                Re: Debian distributions of stable OpenJDK updates tony mancill <tmancill@debian.org> - 2019-05-27 00:00 +0200
                Re: Debian distributions of stable OpenJDK updates Matthias Klose <doko@debian.org> - 2019-05-27 16:10 +0200
                Re: Debian distributions of stable OpenJDK updates Thorsten Glaser <t.glaser@tarent.de> - 2019-05-27 18:40 +0200
                debian/watch file for OpenJDK (was Re: Debian distributions of stable  OpenJDK updates) Emmanuel Bourg <ebourg@apache.org> - 2019-05-28 10:30 +0200
                Re: debian/watch file for OpenJDK (was Re: Debian distributions of  stable OpenJDK updates) Paul Wise <pabs@debian.org> - 2019-05-28 11:20 +0200
                Re: debian/watch file for OpenJDK (was Re: Debian distributions of  stable OpenJDK updates) Emmanuel Bourg <ebourg@apache.org> - 2019-05-28 11:30 +0200
                Re: debian/watch file for OpenJDK (was Re: Debian distributions of  stable OpenJDK updates) Tiago Daitx <tiago.daitx@canonical.com> - 2019-05-29 04:10 +0200
                Re: debian/watch file for OpenJDK (was Re: Debian distributions of  stable OpenJDK updates) Tiago Daitx <tiago.daitx@canonical.com> - 2019-05-29 04:20 +0200
                Re: debian/watch file for OpenJDK (was Re: Debian distributions of  stable OpenJDK updates) Thorsten Glaser <t.glaser@tarent.de> - 2019-05-29 14:20 +0200
                Re: debian/watch file for OpenJDK (was Re: Debian distributions of  stable OpenJDK updates) Dalibor Topic <dalibor.topic@oracle.com> - 2019-05-29 16:00 +0200
                Re: Debian distributions of stable OpenJDK updates Emmanuel Bourg <ebourg@apache.org> - 2019-05-30 00:00 +0200
                Re: Debian distributions of stable OpenJDK updates Thorsten Glaser <t.glaser@tarent.de> - 2019-05-30 00:30 +0200
                Re: Debian distributions of stable OpenJDK updates Matthias Klose <doko@debian.org> - 2019-06-10 11:40 +0200
                Re: Debian distributions of stable OpenJDK updates Martijn Verburg <martijnverburg@gmail.com> - 2019-05-27 12:30 +0200

csiph-web