Preparation of update releases

Fri Oct 19 16:04:15 UTC 2018

Thanks for the new queries - they indeed report much fewer issues.

I must also correct the numbers I've reported in my first email. I
actually worked on the repository (and not in JBS) and I forgot to
filter out merge and tag change sets. When I do that I get about the
following output:

d046063 at lu0482:/priv/d046063/OpenJDK/jdk-jdk11u$ hg log -r 51349
changeset:   51349:c8895b4a8eee  51199:6331acdbe09a  51348:e0fb123fbe0b
summary:     Merge
simonis at simonis:/OpenJDK/jdk-jdk11u$ hg log --template
'{desc|strip|firstline}\n' -r 51200:51348 | egrep "^8.+" | wc -l
103

So there are 103 changes which were brought in by 11.0.1 of which only
~20 are new security fixes.

I think one of the problems is that 11.0.1 brings in a lot of changes
which are already in 11, but with a different hash. E.g.

simonis at simonis:/OpenJDK/jdk-jdk11u$  hg log -k 8191907
changeset:   51235:9c1534b2e82c
user:        mdoerr
date:        Tue Nov 28 01:08:26 2017 +0300
summary:     8191907: PPC64 and s390 parts of JDK-8174962: Better
interface invocations
Reviewed-by: goetz

changeset:   48649:d9fcb7ba8133
user:        mdoerr
date:        Tue Nov 28 01:08:26 2017 +0300
summary:     8191907: PPC64 and s390 parts of JDK-8174962: Better
interface invocations
Reviewed-by: goetz

"48649:d9fcb7ba8133" is the change which was already in jdk 11 and for
some reason it was brought in again with 11.0.1 (as
"51235:9c1534b2e82c"). That's strange because 8191907 was pushed in
Nov. 2017 which should have been long before jdk 11.0.1 was cloned
from the jdk11 repo and the jdk11 repo should have already contained
8191907 at that time. So why has this change been push one more time
to 11.0.1 ?

8191907 was a security fix (as most other of the 102 changes listed
above, so unfortunately I can't look at them in JBS). A quick check
(haven't looked at all of the 103 changes yet) revealed, that there
are actually a lot of "duplicate" changes in there. So this may
actually be the explanation why I don't see only ~20 security + 7
other changes but 103. But then again, why does 11.0.1 re-import ~70
or so changes into 11u if they have been part of 11 anyway?

On Fri, Oct 19, 2018 at 4:44 PM Alan Bateman <Alan.Bateman at oracle.com> wrote:
>
> On 19/10/2018 15:07, Volker Simonis wrote:
> > Hi,
> >
> > after 11.0.1 has been successfully released I'd like to describe some
> > of my observations on how this release has been prepared and suggest
> > some improvements to the process:
> >
> > - I first, naively expected that 11.0.1 will only contain security
> > fixes (i.e. the fixes circulated and discussed on the vuln-dev mailing
> > list)
> > - in the end I was a little surprised that in addition to the ~20
> > security fixes 11.0.1 also contained ~130 other changes
> > - so in the end 11.0.1 is not strictly speaking a "security release"
> > but more a kind of combined "security" and "maintenance" release.
> > - because 11.0.1 was prepared in a hidden clone inside Oracle, it is
> > hard for others to understand which of the changes in jdk11u will also
> > be integrated into 11.0.1. (I know I can list all the issues fixed in
> > 11.0.1 in JBS, but this gives me more than 1000 changes which is not
> > near the additional ~130 changes which are in 11.0.1 compared to 11).
> >
> I don't know what these additional 130 issues are. Can you share your
> JBS query or hg command that you are using? It would also be useful to
> see what this give you:
>
> project = jdk and fixVersion = 11.0.1 and  "Resolved In Build" is not
> EMPTY and labels != hgupdate-sync
>
> -Alan