On 05.12.2017 10:08, Magnus Ihse Bursie wrote:
I think the folks from the AdoptOpenJDK project are using this option
(CC-ed adoption-discuss). I'm not sure if they want to drop their root
certificates in favor of the new ones.
Maybe they can upstream their root certs as well, if it seems prudent?
Afaik, pretty much all downstream builds use the Mozilla PKI
certificates. It already has a very active upstream at Mozilla, so
upstreaming it into OpenJDK doesn't make a lot of sense. ;)
The only reason this was made an option is
that the OpenJDK distribution didn't include a root store at all by
default, so *all* users needed to provide one for it to be usable. Now
that this changes, the need to have build support to replace it
diminishes greatly.
Fwiw, it can still be easily replaced on installation of a package by a
symbolic link to (or a copy of) the Mozilla root certificates, for
example. So I don't think that it's necessary for the build support to
remain, once this change goes in.
cheers,
dalibor topic
--
<http://www.oracle.com> Dalibor Topic | Principal Product Manager
Phone: +494089091214 <tel:+494089091214> | Mobile: +491737185961
<tel:+491737185961>
ORACLE Deutschland B.V. & Co. KG | Kühnehöfe 5 | 22761 Hamburg
ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstr. 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603
Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Jan Schultheiss, Val Maher
<http://www.oracle.com/commitment> Oracle is committed to developing
practices and products that help protect the environment
