On 23.12.2010 05:10, tony mancill wrote:
On 12/22/2010 04:13 PM, Matthias Klose wrote:On 17.12.2010 15:58, Adam D. Barratt wrote:On Fri, December 17, 2010 14:16, tony mancill wrote:On 12/13/2010 03:22 PM, Matthias Klose wrote:so please use the one from unstable, re-generate the control file on a stable system, and re-upload. MatthiasHello Matthias - I'm able to build the version from unstable fine (it took 530 minutes... :) I want to make sure I understand what you mean by "re-generate the control file on a stable system" - this simply means building the current source package in a clean squeeze chroot, right?*cough* lenny :)why do you cough? because you see the same security disaster for squeeze?openjdk-6-6b18-1.8.3-2 migrated into testing on December 19th. Should we be targeting anything newer than that for the release?
IMO, yes. OpenJDK-6 has a non-changing specification, the updates are usually backported bug fixes, and new versions of the VM and third party components like jaxp and jaxws. You see all these kind of updates in the sun-java6 packages already landing in stable updates. So apparently these are found to be good and nothing should prevent inclusion of the same stuff in OpenJDK-6.
The alternative of picking up single patches doesn't work as the lenny example shows (I won't fix these myself, and neither the other openjdk-6 packagers nor the security team show any interest in getting these applied for stable releases).
Another good thing would be splitting out NetX and the plugin from the openjdk-6 sources (the last security update did only affect NetX), which is planned in IcedTea for January.
Matthias