[7u communication] Plans for delivery of critical 7u fixes into CPU releases

Tue Oct 15 11:24:15 PDT 2013

----- Original Message -----
> As you may already know from Nandini Ramani's blog post on 'Maintaining the
> security-worthiness of Java' from May [0], starting in October 2013, Java
> security fixes will be released under the Oracle Critical Patch Update
> schedule along with all other Oracle products.  In other words, Java will
> now issue four annual security releases.
> 
> You can find the next four dates for Oracle Critical Patch Updates and more
> information about them online. [1] You can also find information about
> upcoming releases' version numbers, as discussed on this list in April. [2]
> 
> We just released 7u40 in September - 7u60, in other words, is a couple of CPU
> releases away. It would be nice if there was a way for OpenJDK 7u Authors,
> Committers and Reviewers to flag critical fixes that have been integrated
> into jdk7u-dev for consideration by the Oracle JDK 7u CPU Release Team for
> inclusion into a CPU release before 7u60. All such fixes would still
> continue to be fixed in the jdk7u-dev integration forest first and would
> continue to follow the normal jdk7u fix process [3].
> 
> So, in order to enable critical & high impact fixes developed within this
> Project in OpenJDK to be considered for upcoming CPU releases, a developer
> requesting their fix to be considered for CPU integration can label their
> bug with "CPU-critical-request" in the JDK Bug System [4]. If approved by
> the Oracle JDK 7u CPU Release Team the label will be updated to
> "CPU-critical-approved" and they will then ensure that this fix gets
> integrated to an upcoming CPU release. All relevant updates will be
> processed via the bug report.
>  
> Such bug fix requests should only be made for critical fixes. A guideline
> might be :
>  
>  * P1 bug
>  OR
>  * A serious regression which needs fixing ASAP
>  
> 

Does this mean you actually plan to finally do OpenJDK releases corresponding to
these "Critical Patch Updates"?

> cheers,
> dalibor topic
> 
> [0]
> https://blogs.oracle.com/security/entry/maintaining_the_security_worthiness_of
> [1] http://www.oracle.com/technetwork/topics/security/alerts-086861.html
> [2]
> http://www.oracle.com/technetwork/java/javase/overview/jdk-version-number-scheme-1918258.html
> [3] http://openjdk.java.net/projects/jdk7u/groundrules.html
> [4] https://bugs.openjdk.java.net
> 
> --
> Oracle <http://www.oracle.com>
> Dalibor Topic | Principal Product Manager
> Phone: +494089091214 <tel:+494089091214> | Mobile: +491737185961
> <tel:+491737185961>
> Oracle Java Platform Group
> 
> ORACLE Deutschland B.V. & Co. KG | Kühnehöfe 5 | 22761 Hamburg
> 
> ORACLE Deutschland B.V. & Co. KG
> Hauptverwaltung: Riesstr. 25, D-80992 München
> Registergericht: Amtsgericht München, HRA 95603
> Geschäftsführer: Jürgen Kunz
> 
> Komplementärin: ORACLE Deutschland Verwaltung B.V.
> Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
> Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
> Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher
> 
> Green Oracle <http://www.oracle.com/commitment> Oracle is committed to
> developing practices and products that help protect the environment
> 

-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07