[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#975016: Python 2 / OpenJDK 15 support state for Bullseye

On Wed, Nov 18, 2020 at 12:20:37PM +0100, Matthias Klose wrote:
> [removed the Python 2 bits]
> 
> On 11/17/20 11:08 PM, Moritz Muehlenhoff wrote:
> > Package: debian-security-support
> > Severity: normal
> > X-Debbugs-Cc: doko@debian.org, team@security.debian.org
> 
> > openjdk-15 will be included, but not covered by support
> > (as it's only needed to bootstrap openjdk-16 and eventually
> > openjdk-17, the next LTS release of Java).
> > 
> > How about the following for "security-support-limited"?
> > 
> > --------------------
> > openjdk-15                Only included for bootstrapping later OpenJDK releases
> > --------------------
> > 
> > One important thing: These only applies to Bullseye and
> > security-support-limited is currently independent of releases, so this
> > needs to be fixed or alternatively we need to stop rebuilding the current
> > unstable package for older releases and instead branch of per distro.
> 
> As background: OpenJDK 12 can only be built with 11, 13 with 12, 14 with 13, 15
> with 14, 16 with 15. Only having 11 in bullseye would make backports more
> "interesting".

AFAIK open source 3rd party support for OpenJDK 11 is available for the 
whole non-LTS lifetime of bullseye.

This would make it a good option to ship only OpenJDK 11 during
the whole lifetime of bullseye.

Bootstrapping[1] OpenJDK 17 in bullseye-backports could then provide
an additional option for people who need a more recent version.

> For OpenJDK there are two other possibilities, which would require approval by
> release managers / stable release managers.
> 
>  - openjdk-16 will be released in April 2021, which is expected
>    before the bullseye release. Shipping openjdk-16 instead of
>    openjdk-15 would have the advantage that you are able to build
>    openjdk-17 directly, without having to build openjdk-17 (LTS).
> 
>    This would require a feature freeze exception for bullseye.
> 
>  - package a snapshot of openjdk-17 (in April/May 2021), and
>    only ship openjdk-17 in bullseye.   In that case, update to
>    the final openjdk-17 release in Oct 2021 as a stable release
>    update, or as a security update.
> 
>    This would require a feature freeze exception for bullseye.
> 
>    After the bullseye release, it would require an approval of
>    the stable release managers, or approval by the security
>    team as a security update.  I'm not saying that this package
>    should see constant security support, but it is likely
>    that openjdk-17 sees extended support upstream.

New OpenJDK versions tend to cause both buildtime and runtime breakages 
in reverse dependencies, some of them hard to resolve and requiring 
updates to new upstream versions which in turn require new dependencies
that might not even be in Debian.

> Matthias

cu
Adrian

[1] If OpenJDK 17 is in unstable in May, one option might be to
    upload/move these binaries from unstable to bullseye-backports
    and then continue from that.
Reply to: