Re: Debian distributions of stable OpenJDK updates

From tony mancill <tmancill@debian.org>
Newsgroups linux.debian.maint.java
Subject Re: Debian distributions of stable OpenJDK updates
Date Mon, 27 May 2019 00:00:01 +0200
Message-ID <y29ln-5aH-1@gated-at.bofh.it> (permalink)
X-Mailing-List <debian-java@lists.debian.org> archive/latest/21751
List-ID <debian-java.lists.debian.org>
List-URL <https://lists.debian.org/debian-java/>
List-Archive https://lists.debian.org/msgid-search/20190526215152.bz5a5mihbg5kgqag@lark

On Sun, May 26, 2019 at 09:47:13PM +0200, Matthias Klose wrote:
> On 24.05.19 20:29, Martijn Verburg wrote:
> > On Fri, 24 May 2019 at 15:40, tony mancill <tmancill@debian.org> wrote:
> > 
> >> On Thu, May 23, 2019 at 11:58:14PM +0200, Emmanuel Bourg wrote:
> >>> Le 23/05/2019 à 19:04, Martijn Verburg a écrit :
> >>>
> >>>> What was the difficulty in grabbing the 11.0.3+7 tag directly?
> >>>
> >>> The difficulty is the policy that applies to backported packages. A
> >>> package that is backported from the Debian release n+1 to the release n
> >>> has to remain upgradable when the system is upgraded. For this to happen
> >>> the version backported must rank lower than the version in the next
> >>> release. That's why there are weird suffixes appended to the versions of
> >>> the backported packages (1.2.3-1~bpo9+1 is lower than 1.2.3-1).
> >>>
> >>> Currently Debian Buster has openjdk-11/11.0.3+1-1, so it isn't possible
> >>> to upload the version 11.0.3+7-1~bpo9+1 to stretch-backports. The only
> >>> solution is to either upgrade openjdk-11 in testing to a version higher
> >>> than 11.0.3+7, or patch the existing version. Since testing is currently
> >>> frozen and difficult to update until the release of Buster, it leaves
> >>> only the patch solution.
> >>
> >> Emmanuel,
> >>
> >> It seems like we need to bring this up with the Release and Security
> >> teams.  Releasing Buster with multiple critical open CVEs in the JVM
> >> isn't a good experience for our users.  My proposal is that we do what
> >> we need to get 11.0.3-ga-1 into Buster.
> >>
> >> From a versioning standpoint, this should work.  Am I missing something?
> >>
> >> $ dpkg --compare-versions 11.0.3-ga-1 gt 11.0.3+7-1 && echo "11.0.3-ga-1 is newer"
> >> 11.0.3-ga-1 is newer
> 
> I don't think that playing games with version numbers is a good thing to do.
> Version numbers should match the upstream source release, and the binary
> packages should not change that version.  Of course openjdk has a split
> personality to give even another version when called with java --version.
> 
> The final 11.0.3 release:
> https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-April/000951.html
> 
> does *not* contain the ea specifier.

Hi Matthias,

Thank you for weighing in on the thread.  I have been building openjdk
packages all weekend and now understand that the version number is
required to be numeric as per the upstream build system - i.e.,
VERSION_BUILD won't pass the test here [1] if it is arbitrarily changed
from 7 to ga.  So 11.0.3+7 it is.  My bad for proposing otherwise
in this thread, before I got more familiar with the build system...

For the update to buster via testing-proposed-updates, I have prepared
11.0.3+7-4+deb10u1, which is simply your 11.0.3+7-4 package [2] targeted
at buster via t-p-u and with the changelog updated to note that 11.0.3+7
is the GA release from OpenJDK.  This will address the CVEs currently
open against the version in buster.

Does that sound acceptable for upload to Debian?  Would you prefer a
different approach?

Thank you,
tony

[1] http://hg.openjdk.java.net/jdk-updates/jdk11u/file/175eb80c253a/make/autoconf/jdk-version.m4#l40 
[2] https://tracker.debian.org/news/1038802/accepted-openjdk-11-11037-4-source-into-unstable/
