Re: OpenJDK / default JDK for squeeze / issues on mips / open security issues for lenny
* tony mancill:
> On 01/14/2011 11:46 AM, Florian Weimer wrote:
>> * tony mancill:
>>
>>> As per Section 5.8.5 of the Developer's Reference, I'd like to get
>>> confirmation from the Security Team that they are anticipating and
>>> approve of the upload of the new source version. (My apologies if this
>>> has already been covered; I joined the thread already in progress.)
>>
>> Would you please show us the debdiff to the version in squeeze, and
>> the list of dependencies of the .deb file? Alternatively, please put
>> the files on people.debian.org, so that we can have a look at them
>> before the upload. Thanks for your support in this matter.
>>
>> Do you plane to switch to IcedTea 1.9 or a later version during the
>> squeeze release?
>
> Because the debdiff is quite large (from 6b11 to 6b18), I've uploaded
> the build to people.debian.org.
For that reason, I asked for a debdiff against the *squeeze*
version. 8-)
What is the following change about?
--- openjdk-6-6b18-1.8.3/Makefile.in
+++ openjdk-6-6b18-1.8.3.orig/Makefile.in
@@ -800,7 +800,6 @@
--enable-zero $(am__append_25) --disable-docs $(filter-out \
'--with-gcj-home=% '--with-ecj=% '--with-java=% \
'--with-javah=% '--with-rmic=% '--with-additional-vms=% \
- '--with-hotspot-build=% '--with-hotspot-src-zip=% \
'--with-openjdk '--with-openjdk=% , $(CONFIGURE_ARGS)) $(if \
$(findstring --with-openjdk-src-zip=, $(CONFIGURE_ARGS)),, \
--with-openjdk-src-zip=$(abs_top_builddir)/$(OPENJDK_SRC_ZIP)) \
@@ -811,7 +810,7 @@
BUILD_JAXWS=false ALT_JAXWS_DIST=$(ICEDTEA_BUILD_DIR)/jaxws/dist \
BUILD_CORBA=false ALT_CORBA_DIST=$(ICEDTEA_BUILD_DIR)/corba/dist \
BUILD_JDK=false \
+ DISTRIBUTION_PATCHES='$(foreach p,$(DISTRIBUTION_PATCHES),$(if $(findstring cacao,$(p)),,$(p)))'
- DISTRIBUTION_PATCHES='$(foreach p,$(DISTRIBUTION_PATCHES),$(if $(findstring cacao,$(p)),,$(subst -hs17,-original,$(p))))'
This is present both relative to squeeze and to a direct rebuild for
lenny (according to Matthias Klose's suggestion), so it seems that you
applied it.
> So everyone's clear, I did this under the impression that what was
> needed for lenny was essentially a binary build of the current version
> in testing.
AFAICT, your packages will introduce pulseaudio support and replace
the browser plugin code (which might need updating the conflict with
icedtea-gcjwebplugin). If you follow Matthias' suggestion (plus the
ca-certificates-java patch), then you end up with something closer to
the lenny version. Which approach carries less risk, in your opinion?
Reply to: