[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenJDK / default JDK for squeeze / issues on mips / open security issues for lenny

On 01/19/2011 10:36 PM, Florian Weimer wrote:
> * tony mancill:
>> On 01/14/2011 11:46 AM, Florian Weimer wrote:
>>> * tony mancill:
>>>> As per Section 5.8.5 of the Developer's Reference, I'd like to get
>>>> confirmation from the Security Team that they are anticipating and
>>>> approve of the upload of the new source version.  (My apologies if this
>>>> has already been covered; I joined the thread already in progress.)
>>> Would you please show us the debdiff to the version in squeeze, and
>>> the list of dependencies of the .deb file?  Alternatively, please put
>>> the files on people.debian.org, so that we can have a look at them
>>> before the upload.  Thanks for your support in this matter.
>>> Do you plane to switch to IcedTea 1.9 or a later version during the
>>> squeeze release?
>> Because the debdiff is quite large (from 6b11 to 6b18), I've uploaded
>> the build to people.debian.org.
> For that reason, I asked for a debdiff against the *squeeze*
> version. 8-)

Whoops - sorry I missed that aspect of the request.

> What is the following change about?
> --- openjdk-6-6b18-1.8.3/Makefile.in
> +++ openjdk-6-6b18-1.8.3.orig/Makefile.in
> @@ -800,7 +800,6 @@
>         --enable-zero $(am__append_25) --disable-docs $(filter-out \
>         '--with-gcj-home=% '--with-ecj=% '--with-java=% \
>         '--with-javah=% '--with-rmic=% '--with-additional-vms=% \
> -       '--with-hotspot-build=% '--with-hotspot-src-zip=% \
>         '--with-openjdk '--with-openjdk=% , $(CONFIGURE_ARGS)) $(if \
>         $(findstring --with-openjdk-src-zip=, $(CONFIGURE_ARGS)),, \
>         --with-openjdk-src-zip=$(abs_top_builddir)/$(OPENJDK_SRC_ZIP)) \
> @@ -811,7 +810,7 @@
>         BUILD_JAXWS=false     ALT_JAXWS_DIST=$(ICEDTEA_BUILD_DIR)/jaxws/dist \
>         BUILD_CORBA=false     ALT_CORBA_DIST=$(ICEDTEA_BUILD_DIR)/corba/dist \
>         BUILD_JDK=false \
> +       DISTRIBUTION_PATCHES='$(foreach p,$(DISTRIBUTION_PATCHES),$(if $(findstring cacao,$(p)),,$(p)))'
> -       DISTRIBUTION_PATCHES='$(foreach p,$(DISTRIBUTION_PATCHES),$(if $(findstring cacao,$(p)),,$(subst -hs17,-original,$(p))))'
> This is present both relative to squeeze and to a direct rebuild for
> lenny (according to Matthias Klose's suggestion), so it seems that you
> applied it.

I'll have to dig into the source of this change (or better, start over
with the current squeeze package).  The only patch that should be
applied is the ca-certificates-java patch.

>> So everyone's clear, I did this under the impression that what was
>> needed for lenny was essentially a binary build of the current version
>> in testing.
> AFAICT, your packages will introduce pulseaudio support and replace
> the browser plugin code (which might need updating the conflict with
> icedtea-gcjwebplugin).  If you follow Matthias' suggestion (plus the
> ca-certificates-java patch), then you end up with something closer to
> the lenny version.  Which approach carries less risk, in your opinion?

Frankly, I'm not well-versed enough in the various issues to assert an
opinion.  Off the cuff, I'd say that staying as close to what's in lenny
in terms of dependencies/conflicts is less risky (but that's admittedly
an attempt at a common-sense answer).  I'll do testing of the package
(once I sort out what happened with Makefile.in) on a lenny desktop.

Thank you,

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: