[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenJDK / default JDK for squeeze / issues on mips / open security issues for lenny

On 23.12.2010 05:10, tony mancill wrote:
On 12/22/2010 04:13 PM, Matthias Klose wrote:
On 17.12.2010 15:58, Adam D. Barratt wrote:
On Fri, December 17, 2010 14:16, tony mancill wrote:
On 12/13/2010 03:22 PM, Matthias Klose wrote:
so please use the one from unstable, re-generate the control file on a
stable system, and re-upload.


Hello Matthias -

I'm able to build the version from unstable fine (it took 530 minutes...
:)  I want to make sure I understand what you mean by "re-generate the
control file on a stable system" - this simply means building the
current source package in a clean squeeze chroot, right?

*cough* lenny :)

why do you cough? because you see the same security disaster for squeeze?

openjdk-6-6b18-1.8.3-2 migrated into testing on December 19th.  Should we be
targeting anything newer than that for the release?

IMO, yes. OpenJDK-6 has a non-changing specification, the updates are usually backported bug fixes, and new versions of the VM and third party components like jaxp and jaxws. You see all these kind of updates in the sun-java6 packages already landing in stable updates. So apparently these are found to be good and nothing should prevent inclusion of the same stuff in OpenJDK-6.

The alternative of picking up single patches doesn't work as the lenny example shows (I won't fix these myself, and neither the other openjdk-6 packagers nor the security team show any interest in getting these applied for stable releases).

Another good thing would be splitting out NetX and the plugin from the openjdk-6 sources (the last security update did only affect NetX), which is planned in IcedTea for January.


Reply to: