[8u] RFR: backport of 8231507: Update Apache Santuario (XML Signature) to version 2.1.4

Andrew John Hughes gnu.andrew at redhat.com
Mon Dec 30 04:16:35 UTC 2019


On 26/12/2019 12:24, Fedor wrote:
> Hi Elliott,
> 
> The library itself looked to me as solid thing, so I decided to downport
> it as one piece.
> Moreover, it seems it is easier and more clear than to do this work
> applying all patches that touched the library code.
> For example, as far as I remember there was a lot of changes, updating
> javadoc and fixing compilation warnings, and these changes were updating
> not only the library code but a big chunk of irrelevant to us Java
> classes in addition.
> Because of that, all of potentially relevant patches should be updated
> to not touch code outside the library (for example public api that may
> break jdk8u compliance)
> 
> Being more specific, what was done during backport of the library I can
> describe in next steps:
> 1) copied library files from jdk11/14 to jdk8 to appropriate packages:
>  - src/share/classes/org/jcp/xml/dsig/internal
>  - src/share/classes/com/sun/org/apache/xml/internal

A backport of an issue, x, should be completed by applying the changeset
for that issue in later OpenJDK versions to 8u. That may require other
changes and the decision to backport them or workaround this has to be
made on a case by case basis.

Copying over files like this results in numerous changes from a variety
of bugs being brought over, which, in some cases, may be partial because
they touch files outside the subset being copied.

The only case I believe warrants that kind of action is in backporting
work developed outside the main OpenJDK trees (e.g. the PPC or AArch64
ports) where the majority of changes don't have associated bug IDs and
are significantly different between JDK versions. Even then, it is
preferable to move to a bug-by-bug basis as soon as possible.

Taking the quick option initially ends up creating more work and
headaches for others later on, when they then have to try and deal with
sourcing changes and the inevitable partial backports.
-- 
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
https://keybase.io/gnu_andrew



More information about the jdk8u-dev mailing list