RFR 8212003: Obsoleting the default keytool -keyalg option

Weijun Wang weijun.wang at oracle.com
Fri Nov 16 16:01:52 UTC 2018



> On Nov 16, 2018, at 11:48 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> On 11/15/18 10:20 PM, Weijun Wang wrote:
>> Would like also please review the release note here?
>>   https://bugs.openjdk.java.net/browse/JDK-8213965
> 
> I made a few changes. I think it is important to also say that we will be removing support for the default values in a subsequent release.

Thanks.

> 
>> I had thought about using RN-Deprecated but there is no API here. If you think it's better, I'll use it and also change all "obsolete" into "deprecate" in the description and title of the release note/CSR/bug.
> 
> I think "deprecate" is probably better, even though this isn't an API, because I think it is a better way to tell the user that it is not good to rely on the default values anymore. "Obsoleted" is probably ok too, but I don't hear it used much so it doesn't have the same meaning to me.

I s/obsolete/deprecate/ everywhere. The webrev is also updated in place.

--Max

> 
> --Sean
> 
>> Thanks
>> Max
>>> On Nov 15, 2018, at 9:19 AM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>> 
>>> Thanks to Xuelei and Sean. I added your recommended words and proposed the CSR.
>>> 
>>>> On Nov 15, 2018, at 6:16 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>>> 
>>>> On 11/14/18 5:07 AM, Weijun Wang wrote:
>>>>> The CSR is re-opened. It is now focusing on -keyalg only. Please take a review:
>>>>>   https://bugs.openjdk.java.net/browse/JDK-8212111
>>>> 
>>>> I think the CSR should also include an example of the informational text showing what algs and size were used. Looks good otherwise.
>>>> 
>>>> --Sean
>>>> 
>>>>> Thanks
>>>>> Max
>>>>>> On Nov 7, 2018, at 11:51 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>>>>> 
>>>>>> Oops, I take this back. The CSR needs more update.
>>>>>> 
>>>>>> Sorry if you have already start reading it.
>>>>>> 
>>>>>> Thanks
>>>>>> Max
>>>>>> 
>>>>>> 
>>>>>>> On Nov 7, 2018, at 9:27 AM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>>>>>> 
>>>>>>> After some discussion, we decided to cover -keysize and -sigalg in this deprecation process too.
>>>>>>> 
>>>>>>> Please review the updated CSR at
>>>>>>> 
>>>>>>>  https://bugs.openjdk.java.net/browse/JDK-8212111
>>>>>>> 
>>>>>>> No webrev available yet.
>>>>>>> 
>>>>>>> Thanks
>>>>>>> Max
>>>>>>> 
>>>>>>> 
>>>>>>>> On Oct 18, 2018, at 10:34 AM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>>>>>>> 
>>>>>>>> Please review the code change and CSR for
>>>>>>>> 
>>>>>>>> JBS: https://bugs.openjdk.java.net/browse/JDK-8212003
>>>>>>>> 
>>>>>>>> at
>>>>>>>> 
>>>>>>>> webrev: http://cr.openjdk.java.net/~weijun/8212003/webrev.00/
>>>>>>>> CSR: https://bugs.openjdk.java.net/browse/JDK-8212111
>>>>>>>> 
>>>>>>>> When -keyalg is not provided for -genkeypair or -genseckey, keytool will print out a warning. We plan to make this an error in a future release.
>>>>>>>> 
>>>>>>>> A new regression test ObsoleteKeyalg.java added. "-keyalg DSA" or "-keyalg DES" added to other tests.
>>>>>>>> 
>>>>>>>> A Mach5 job on tier1 and tier2 running now.
>>>>>>>> 
>>>>>>>> Thanks
>>>>>>>> Max
>>>>>>>> 
>>>>>>> 
>>>>>> 
>>> 



More information about the security-dev mailing list