2025-07 Security Update Bundles

Lindenmaier, Goetz goetz.lindenmaier at sap.com
Thu Jul 10 09:36:28 UTC 2025 

Hi Paul,

On 20.5.2025 you have removed jdk17u-fix-yes and jdk17u-fix-request 
labels from https://bugs.openjdk.org/browse/JDK-8320687

Why have you done this?  You should not touch jdk17u-fix-yes labels!!!  
These are  reserved to the maintainers.

Now we have a broken situation with two pushes for the same 
change.  The correct way would have been to open a [REDO]  change,
this is what I understood as "resubmit".
Nobody could tell from your 2nd PR that this was a redo of 
a previous change.  Please mention such things to be transparent.

Actually I thought that Skara warns that the change
has already been pushed to the repository.  Hasn't there been 
such a warning?

Best regards,
  Goetz.

> -----Original Message-----
> From: Andrew Hughes <gnu.andrew at redhat.com>
> Sent: Wednesday, July 9, 2025 8:53 PM
> To: Lindenmaier, Goetz <goetz.lindenmaier at sap.com>
> Subject: Re: 2025-07 Security Update Bundles
> 
> On 11:23 Wed 09 Jul     , Lindenmaier, Goetz wrote:
> > Hi Andrew,
> >
> > It seems to be working in the meantime. I saw some mails to Christoph.
> >
> > Best, Goetz.
> >
> 
> Thanks. I've picked up the bundles today.
> 
> I've just been going through the changes in 17.0.16 and I found this
> pair confusing:
> 
> JDK-8320687: sun.jvmstat.monitor.MonitoredHost.getMonitoredHost()
> throws unexpected exceptions when invoked concurrently
> JDK-8355914: [17u] Backout backport of JDK-8320687
> 
> The reason is that there are only two bugs, but three commits. From
> the bugs alone, it is not clear that 8320687 was later reapplied as it
> happens under the same ID and in a commit with the same summary.
> 
> I can see why you might wanted to have avoided a "[REDO]" bug here to
> retain the link to the original bug. Maybe, as it was only a failing
> test, it could have just been excluded until fixed?
> 
> The 8355914 bug says "Tonight rampdown starts" but this was in
> 17.0.16+1, long before rampdown.
> 
> Thoughts? I'm just wondering if we could have done things a little
> better here, though I can understand the change was made under tight
> time constraints.
> 
> Best,
> --
> Andrew :)
> Pronouns: he / him or they / them
> Red Hat, Inc. (http://www.redhat.com)
> 
> PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
> Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
> 
> Please contact via e-mail, not proprietary chat networks

More information about the jdk-updates-dev mailing list