On 01/19/2011 10:36 PM, Florian Weimer wrote:
* tony mancill:
On 01/14/2011 11:46 AM, Florian Weimer wrote:
* tony mancill:
As per Section 5.8.5 of the Developer's Reference, I'd like to get
confirmation from the Security Team that they are anticipating and
approve of the upload of the new source version. (My apologies if this
has already been covered; I joined the thread already in progress.)
Would you please show us the debdiff to the version in squeeze, and
the list of dependencies of the .deb file? Alternatively, please put
the files on people.debian.org, so that we can have a look at them
before the upload. Thanks for your support in this matter.
Do you plane to switch to IcedTea 1.9 or a later version during the
squeeze release?
Because the debdiff is quite large (from 6b11 to 6b18), I've uploaded
the build to people.debian.org.
For that reason, I asked for a debdiff against the *squeeze*
version. 8-)
Whoops - sorry I missed that aspect of the request.
What is the following change about?
--- openjdk-6-6b18-1.8.3/Makefile.in
+++ openjdk-6-6b18-1.8.3.orig/Makefile.in
@@ -800,7 +800,6 @@
--enable-zero $(am__append_25) --disable-docs $(filter-out \
'--with-gcj-home=% '--with-ecj=% '--with-java=% \
'--with-javah=% '--with-rmic=% '--with-additional-vms=% \
- '--with-hotspot-build=% '--with-hotspot-src-zip=% \
'--with-openjdk '--with-openjdk=% , $(CONFIGURE_ARGS)) $(if \
$(findstring --with-openjdk-src-zip=, $(CONFIGURE_ARGS)),, \
--with-openjdk-src-zip=$(abs_top_builddir)/$(OPENJDK_SRC_ZIP)) \
@@ -811,7 +810,7 @@
BUILD_JAXWS=false ALT_JAXWS_DIST=$(ICEDTEA_BUILD_DIR)/jaxws/dist \
BUILD_CORBA=false ALT_CORBA_DIST=$(ICEDTEA_BUILD_DIR)/corba/dist \
BUILD_JDK=false \
+ DISTRIBUTION_PATCHES='$(foreach p,$(DISTRIBUTION_PATCHES),$(if $(findstring cacao,$(p)),,$(p)))'
- DISTRIBUTION_PATCHES='$(foreach p,$(DISTRIBUTION_PATCHES),$(if $(findstring cacao,$(p)),,$(subst -hs17,-original,$(p))))'
This is present both relative to squeeze and to a direct rebuild for
lenny (according to Matthias Klose's suggestion), so it seems that you
applied it.
I'll have to dig into the source of this change (or better, start over
with the current squeeze package). The only patch that should be
applied is the ca-certificates-java patch.
So everyone's clear, I did this under the impression that what was
needed for lenny was essentially a binary build of the current version
in testing.
AFAICT, your packages will introduce pulseaudio support and replace
the browser plugin code (which might need updating the conflict with
icedtea-gcjwebplugin). If you follow Matthias' suggestion (plus the
ca-certificates-java patch), then you end up with something closer to
the lenny version. Which approach carries less risk, in your opinion?
Frankly, I'm not well-versed enough in the various issues to assert an
opinion. Off the cuff, I'd say that staying as close to what's in lenny
in terms of dependencies/conflicts is less risky (but that's admittedly
an attempt at a common-sense answer). I'll do testing of the package
(once I sort out what happened with Makefile.in) on a lenny desktop.