code review request: 7081411: Change more keytool -genkeypair to RSA
Weijun Wang
weijun.wang at oracle.com
Wed Aug 31 08:23:43 UTC 2011
My personal view was not faraway from yours -- I am not so frightened by
test failures.
However, zero tolerance of any test failure is becoming a common sense
of the team and the whole JPG [1]. Evaluating test failures is consuming
too much time for both release engineers, SQE and us. Especially in this
case, other people might not easily find out it's the Solaris DSA bug
that causes the failure.
Therefore, my current opinion is that once the reason of a test failure
is known, we should take actions immediately. Either fix it if we can,
or fix the test (or problem list it) if we cannot fix the bug. There is
no benefit in leaving them there making noises from time to time.
In this case, I certainly do not want to add all of them to problems
list. Also, since the changeset is there, we always have a chance to
backout the changes when we want to bring the old tests back.
In fact, if you are worried that changing the tests might hide the bug,
I can add a new test that detects this bug. I'll make sure the test
always fails on Solaris.
Thanks
Max
[1] http://wiki.se.oracle.com/display/JPG/Home
On 08/30/2011 10:36 PM, Xuelei Fan wrote:
> The update, in both open and closed repositories, looks fine to me.
>
> However, the following reason cannot convince me of the necessity to
> make the change.
>
>> Because of the Solaris DSA bug described in 7041639, we keep seeing
>> tests generating DSA key pairs failing. Therefore I'm changing most
>> keypair generation to use RSA instead.
>
> Most of the updated tests using the default key algorithm ("DSA"). I'm
> thinking, shall we replace "RSA" back with "DSA" again when there is a
> RSA bug in the native libraries in the future? It may be not a good
> choice to cut the tests to fit problematic platform. These tests are
> also very good test to find the potential problems, right? When we
> change the test to be able to passed on all platform, the test may lost
> it function to find potential issues partially.
>
> Just my very personal view.
>
> Thanks,
> Xuelei
>
>
> On 8/30/2011 8:26 PM, Weijun Wang wrote:
>> Hi All
>>
>> 7081411: Change more keytool -genkeypair to RSA
>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7081411
>>
>> Webrev at http://cr.openjdk.java.net/~weijun/7081411/webrev.01/
>>
>> Because of the Solaris DSA bug described in 7041639, we keep seeing
>> tests generating DSA key pairs failing. Therefore I'm changing most
>> keypair generation to use RSA instead.
>>
>> In all code changes, KeyToolTest.java is called by standard.sh, which
>> makes so many "keytool -genkeypair" calls that I decide to add "-keysize
>> 512" to make it fast. Please note that in this test there are still
>> explicit calls to "-genkeypair -keyalg dsa". These still have a chance
>> to fail on Solaris, but I like to keep them there to make the test
>> complete.
>>
>> Code changes in the closed repo will be sent in another mail.
>>
>> Thanks
>> Max
>>
>
More information about the security-dev
mailing list