Future jdk9u updates & 9-critical-request

Mario Torre neugens at redhat.com
Mon Jan 29 11:54:25 UTC 2018

On Fri, Jan 26, 2018 at 8:19 PM, dalibor topic <dalibor.topic at oracle.com> wrote:

> Please don't assume that's a deliberately hostile act - we just have to
> navigate a more complicated problem space than might be apparent
> immediately. I'm sure that it's similarly unappealing to everyone involved
> to have to deal with this kind of problems after a release as it is to you
> to have to wait on the patches fixing these regressions to finally make it
> in. I wish we had foreseen this situation earlier and avoided the resulting
> inconvenience.

Indeed, as others have said, no one believes that was *deliberately*
hostile, even Andrew's first email wasn't suggesting that if you read
it carefully.

This is an important topic to sort out correctly, we've been telling
people that the short term releases are high quality releases, we need
to keep them so ever after the last of their security patches is
shipped, if we live the repositories in a messed state just because we
have a new main line for development, we're sending the wrong signal.

I'm not sure either what's the right answer here, but perhaps we need
coordination to step over the project before the security is made, or
after a grace period of up to one release after the last, in other
words patches that affect the code of the repositories after the last
release drop need to be coordinated with the new maintainer to allow
for a new release if that is necessary, even if a maintainer is not
appointed. In that respect Rob original email was considered "hostile"
(sorry Rob, writing that doesn't sound right!) and not acceptable.

The security group will clearly allow all that, but as long as we
don't have it we need to find a best effort solution that works.


More information about the jdk-updates-dev mailing list