Mystery meat OpenJDK builds strike again
Thomas Stüfe
thomas.stuefe at gmail.com
Mon May 27 14:59:16 UTC 2019
Hi Gil,
On Mon, May 27, 2019 at 1:41 AM Gil Tene <gil at azul.com> wrote:
> Seriously?
>
> You see factual reporting (directly documented and dated in the original
> posting) of the actual version numbers being used by official docker
> images, along with irrefutable proof that the packages used in those were
> built weeks before the respective OpenJDK 8u and 11u releases were
> complete, as “fake news”?
>
> You think that alerting millions of unsuspecting people using exposed,
> insecure builds that falsely report their OpenJDK version (as one that
> includes e.g. critical security fixes) to the fact as “marketing”?
>
>
Did you try to contact Debian folks to give them opportunity to fix those
security concerns before going public with them? Or did they not react in
time?
Cheers, Thomas
More information about the jdk-updates-dev
mailing list