Regarding JDK-8216577: Add GlobalSign's R6 Root certificate

Henry Jen henry.jen at oracle.com
Tue Apr 30 02:09:36 UTC 2019


This seems should be pushed into jdk.jdk directly as it’s not a vulnerability issue. There is no doubt now this should be pushed directly as it’s already released.

Because it was not pushed into jdk-cpu before(which IMHO is correct), naturally it won’t be in jdk.jdk without an explicit push.

Cheers,
Henry


> On Apr 29, 2019, at 7:34 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> On 4/27/19 2:10 AM, Langer, Christoph wrote:
>>> On 4/26/19 6:04 PM, Langer, Christoph wrote:
>>>> Hi,
>>>> 
>>>> In JBS I can find the bug JDK-8216577: Add GlobalSign's R6 Root
>>>> certificate [0].
>>>> 
>>>> This change has gone into 12.0.1 and also 12.0.2 but it's not part of
>>>> JDK13 (jdk/jdk) and also not of JDK11 (e.g. 11.0.3-oracle,
>>>> 11.0.4-oracle). Could you please shed some light into this unusual
>>>> proceeding? Usually such changes would happen in jdk/jdk first, and then
>>>> be backported, I guess.
>>>> 
>>>> Is there any reason why the certificate was only added to the jdk12
>>>> updates train?
>>> It should be in 11.0.3-oracle. The backport issue is Confidential so
>>> maybe that is why you thought it wasn't.
>> Yep, that explains it. Any particular reason that the 11.0.3-oracle backport is confidential? Could you make it public? Just asking...
> 
> Fixed.
> 
>>> JDK 13 seems like an oversight. Rajan, any idea what happened? Can you
>>> push this to JDK 13?
>> Thanks in advance. Looking forward to see this in JDK 13.
> 
> Sure, still looking into this.
> 
> --Sean
> 




More information about the security-dev mailing list