Mystery meat OpenJDK builds strike again

Thomas Stüfe thomas.stuefe at
Mon May 27 14:59:16 UTC 2019

Hi Gil,

On Mon, May 27, 2019 at 1:41 AM Gil Tene <gil at> wrote:

> Seriously?
> You see factual reporting (directly documented and dated in the original
> posting) of the actual version numbers being used by official docker
> images, along with irrefutable proof that the packages used in those were
> built weeks before the respective OpenJDK 8u and 11u releases were
> complete, as “fake news”?
> You think that alerting millions of unsuspecting people using exposed,
> insecure builds that falsely report their OpenJDK version (as one that
> includes e.g. critical security fixes) to the fact as “marketing”?

Did you try to contact Debian folks to give them opportunity to fix those
security concerns before going public with them? Or did they not react in

Cheers, Thomas
