RFR 8189131: Open-source the Oracle JDK Root Certificates
dalibor topic
dalibor.topic at oracle.com
Tue Dec 5 09:52:48 UTC 2017
On 05.12.2017 10:08, Magnus Ihse Bursie wrote:
>> I think the folks from the AdoptOpenJDK project are using this option
>> (CC-ed adoption-discuss). I'm not sure if they want to drop their root
>> certificates in favor of the new ones.
> Maybe they can upstream their root certs as well, if it seems prudent?
Afaik, pretty much all downstream builds use the Mozilla PKI
certificates. It already has a very active upstream at Mozilla, so
upstreaming it into OpenJDK doesn't make a lot of sense. ;)
> The only reason this was made an option is
> that the OpenJDK distribution didn't include a root store at all by
> default, so *all* users needed to provide one for it to be usable. Now
> that this changes, the need to have build support to replace it
> diminishes greatly.
Fwiw, it can still be easily replaced on installation of a package by a
symbolic link to (or a copy of) the Mozilla root certificates, for
example. So I don't think that it's necessary for the build support to
remain, once this change goes in.
cheers,
dalibor topic
--
<http://www.oracle.com> Dalibor Topic | Principal Product Manager
Phone: +494089091214 <tel:+494089091214> | Mobile: +491737185961
<tel:+491737185961>
ORACLE Deutschland B.V. & Co. KG | Kühnehöfe 5 | 22761 Hamburg
ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstr. 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603
Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Jan Schultheiss, Val Maher
<http://www.oracle.com/commitment> Oracle is committed to developing
practices and products that help protect the environment
More information about the security-dev
mailing list