Package: release.debian.org Severity: normal Tags: bookworm User: [email protected] Usertags: pu X-Debbugs-Cc: Matthias Klose <[email protected]>
This request comes without a patch since I don't know how to properly fix it in stable. But it definitively needs to be addressed for the point release because the bookworm-security upload of openjdk-17 broke the very fragile assumption in ca-certificates-java that a jre can be used even before it was configured for the first time. As a result new installations of openjdk-17-jre-headless from bookworm-security (or -pu) (and its circular dependency ca-certificates-java from bookworm) will fail, #1039472, (but upgrades seem to work fine, since the jre has been configured at least once in the past). bookworm had the packages prepared to move the java certificate setup to trigger processing (after the jre got configured) and break the dependency loop, but in the end this was not activated before the bookworm release. It is now enabled in sid. I tried rebuilding the sid package for bookworm, but that is not installable since it has Breaks against jre versions newer than what is in bookworm-security. I'm not sure if the Breaks really need to be that strict (because some new feature is being used) or whether they could be relaxed for bookworm. Andreas
