Question on the "Updates Project" processes
Rob McKenna
rob.mckenna at oracle.com
Tue Oct 16 17:01:11 UTC 2018
Hi folks,
I'm planning to stick with this approach. (i.e. no extra approval
needed, but send out a notification) I'll add language to the project
page to that effect.
-Rob
On 01/08/18 16:41, Andrew Hughes wrote:
> On 19 July 2018 at 00:03, Rob McKenna <rob.mckenna at oracle.com> wrote:
> > Hi Volker:
> >
> > On 18/07/18 15:50, Volker Simonis wrote:
> >> Hi Rob,
> >>
> >> yesterday you've pushed the security fixes for JDK 10.0.2 into the
> >> jdk10u repository [2] but I haven't seen a "Request for approval" for
> >> these changes as this has been requested for the corresponding
> >> security updates in the jdk8u project [3]. Aren't such approvals
> >> required any more for the new updates project?
> >>
> >
> > I'm in two minds about this. We've moved away from mailing list
> > approvals for the jdk-updates project and it seems redundant to add the
> > labels to these issues when they've already been through the critical
> > request process, but perhaps I need to rethink that. Leave that with me.
> >
>
> It also wouldn't be visible to many of us anyway, because the security
> issues are private.
>
> I've always found the actual review element rather redundant (and, given
> the time between review and approval, I expect it's often rubber-stamping
> work done privately). The main benefit has been to know that the patches
> are in the repository, so I'd be quite happy with a notification on
> this instead.
> --
> Andrew :)
>
> Senior Free Java Software Engineer
> Red Hat, Inc. (http://www.redhat.com)
>
> Web Site: http://fuseyism.com
> Twitter: https://twitter.com/gnu_andrew_java
> PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
> Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
More information about the jdk-updates-dev
mailing list