[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mystery meat OpenJDK builds strike again

Hi Gil,

On Mon, May 27, 2019 at 1:41 AM Gil Tene <gil@azul.com> wrote:

You see factual reporting (directly documented and dated in the original posting) of the actual version numbers being used by official docker images, along with irrefutable proof that the packages used in those were built weeks before the respective OpenJDK 8u and 11u releases were complete, as “fake news”?

You think that alerting millions of unsuspecting people using exposed, insecure builds that falsely report their OpenJDK version (as one that includes e.g. critical security fixes) to the fact as “marketing”?

Did you try to contact Debian folks to give them opportunity to fix those security concerns before going public with them? Or did they not react in time?

Cheers, Thomas

Reply to: