Downporting JDK-8313765 to jdk11u and jdk17u and respinning 11.0.20 and 17.0.8
Volker Simonis
volker.simonis at gmail.com
Mon Aug 21 19:06:41 UTC 2023
Thanks a lot Götz!
On Mon, Aug 21, 2023 at 11:57 AM Lindenmaier, Goetz
<goetz.lindenmaier at sap.com> wrote:
>
> Hi,
>
> I just checked.
> I can not create the branch.
>
> The ops team at Oracle had asked me to check whether I can do it,
> but as it does not work they will create a branch.
>
> There is a convention not to use dashes, so the branches will be
> Named "jdk11.0.20.1" and "jdk17.0.8.1".
>
> Once they are there you can make PRs against these branches
> and push once reviewed etc.
>
> Best regards,
> Goetz.
>
>
> > -----Original Message-----
> > From: Volker Simonis <volker.simonis at gmail.com>
> > Sent: Montag, 21. August 2023 19:58
> > To: Andrew Hughes <gnu.andrew at redhat.com>
> > Cc: Sergey Bylokhov <bylokhov at amazon.com>; jdk-updates-dev <jdk-updates-
> > dev at openjdk.java.net>; Langer, Christoph <christoph.langer at sap.com>;
> > Andrew Haley <aph at redhat.com>; Severin Gehwolf <sgehwolf at redhat.com>;
> > Lindenmaier, Goetz <goetz.lindenmaier at sap.com>; Taylor, Ben
> > <benty at amazon.com>
> > Subject: Re: Downporting JDK-8313765 to jdk11u and jdk17u and respinning
> > 11.0.20 and 17.0.8
> >
> > I've just created "JDK-8314677: Bump update version for OpenJDK:
> > jdk-17.0.8.1" [1] and set its "Fix version" to "17.0.8.1".
> > Ben is preparing a PR for it. I'm not sure however, if he can create a
> > PR which will be merged with 17.0.8-ga? Maybe only Götzt can do that
> > (or create a 17.0.8.1 branch in 17u)?
> >
> > [1] https://bugs.openjdk.org/browse/JDK-8314677
> >
> > On Fri, Aug 18, 2023 at 10:41 AM Andrew Hughes <gnu.andrew at redhat.com>
> > wrote:
> > >
> > > On 14:50 Thu 17 Aug , Sergey Bylokhov wrote:
> > > > Nobody mention respin of JDK 20u:
> > > > https://github.com/openjdk/jdk20u/pull/87
> > > > Does anybody plan to do it?
> > > >
> > > > On 8/17/23 10:31, Andrew Hughes wrote:
> > > > > Yes, I've been tracking this since it was discussed in the vulnerability
> > > > > group. I agree it is preferable to have a fix rather than resorting to
> > > > > turning off a CVE fix.
> > > > >
> > > > > My main worry is not about backporting the fix, but in whether we can
> > > > > squeeze in a respin. I'm glad to see the proposed fix has finally been
> > > > > posted publicly, reviewed and integrated as of yesterday. It seems
> > > > > to have taken a long time to get to that stage from the original VG
> > > > > discussion.
> > > > >
> > > > > When we've done interim releases in the past, they have been within a
> > > > > few weeks of the original release. With this release, we are already
> > > > > at the point where we enter rampdown for the next release in < 2
> > > > > weeks.
> > > > >
> > > > > I think we can still manage an interim release this time, but it
> > > > > needs to happen within the next week, before people start to focus
> > > > > on testing and adding security fixes to the October update.
> > > > >
> > > > > I'll go and review the 11u & 17u backports now. Note that there
> > > > > are currently GHA failures with both, one down to the GCC versioning
> > > > > we removed in 8u with https://bugs.openjdk.org/browse/JDK-8284772
> > > >
> > > > --
> > > > Best regards, Sergey.
> > > >
> > >
> > > We're not maintainers, Oracle are. I guess their efforts are now focused
> > > on 21. They are aware of this and have apparently added it to 17.0.10-oracle
> > > and 11.0.22-oracle already, and I see a request for 21 too [0]
> > >
> > > [0] https://bugs.openjdk.org/browse/JDK-
> > 8313765?focusedCommentId=14604862&page=com.atlassian.jira.plugin.syste
> > m.issuetabpanels:comment-tabpanel#comment-14604862
> > >
> > > Best regards,
> > > --
> > > Andrew :)
> > > Pronouns: he / him or they / them
> > > Principal Free Java Software Engineer
> > > OpenJDK Package Owner
> > > Red Hat, Inc.
> > (http://www.re/
> > dhat.com%2F&data=05%7C01%7Cgoetz.lindenmaier%40sap.com%7Cea1605b
> > d5234423e4a7608dba2702388%7C42f7676cf455423c82f6dc2d99791af7%7C0
> > %7C0%7C638282374731170501%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC
> > 4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7
> > C%7C%7C&sdata=uTOwVSxZZtb08DjX6lB6uUHOzUeHzRo145u3itNqCDc%3D&r
> > eserved=0)
> > >
> > > PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
> > > Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
> > >
> > > Please contact via e-mail, not proprietary chat networks
> > > Available on Libera Chat & OFTC IRC networks as gnu_andrew
More information about the jdk-updates-dev
mailing list