Question on the "Updates Project" processes

Andrew Hughes gnu.andrew at
Wed Aug 1 15:41:36 UTC 2018

On 19 July 2018 at 00:03, Rob McKenna <rob.mckenna at> wrote:
> Hi Volker:
> On 18/07/18 15:50, Volker Simonis wrote:
>> Hi Rob,
>> yesterday you've pushed the security fixes for JDK 10.0.2 into the
>> jdk10u repository [2] but I haven't seen a "Request for approval" for
>> these changes as this has been requested for the corresponding
>> security updates in the jdk8u project [3]. Aren't such approvals
>> required any more for the new updates project?
> I'm in two minds about this. We've moved away from mailing list
> approvals for the jdk-updates project and it seems redundant to add the
> labels to these issues when they've already been through the critical
> request process, but perhaps I need to rethink that. Leave that with me.

It also wouldn't be visible to many of us anyway, because the security
issues are private.

I've always found the actual review element rather redundant (and, given
the time between review and approval, I expect it's often rubber-stamping
work done privately). The main benefit has been to know that the patches
are in the repository, so I'd be quite happy with a notification on
this instead.
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (

Web Site:
PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

More information about the jdk-updates-dev mailing list