[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mystery meat OpenJDK builds strike again

On 27.05.19 18:23, Gil Tene wrote:
>> Did you try to contact Debian folks to give them opportunity to fix those security concerns before going public with them? Or did they not react in time?
> 
> Multiple times over ~4.5 years, and through multiple channels. The
> “we don’t care”, “go away, vendor”, and “java and openjdk do versioning
> wrong” reactions are the most common. Many were less polite than that.
> The defensive tone of the email you see on this thread is about average.
> The denial and deflection attempts you see there are also common.

I can't follow that.  There is not a single bug report about that in the Debian
tracker.   Looking at the Debian Java mailing list, there is not a single
posting from your side.  And I can't remember that being discussed on the ML
either.  Also not on the distro-pkg-dev ML.  Same thing for the Ubuntu bug
tracker.  So which channels are you using?

> Some people just don’t want help, at least not from some. And that’s fine.

I raised questions about the versioning on the jdk ML's multiple times.  Most of
those were ignored, or saw the versioning as being correct.  I brought up the
configuration issues at this year OpenJDK committers workshop, but it was voted
down because other topics seemed more pressing to discuss.

Matthias
Reply to: