----- Original Message ----- > Hi, > I am new to the forum, this is my first question; so go easy. I have > googled and looked up previous archives, I could not find about information > about security.properties in the security patches. > > I intend to change security.properties on openjdk6. Specifically I intend > to change > > #networkaddress.cache.ttl=-1 > > to > > networkaddress.cache.ttl=30 > > My worry is subsequent OpenJDK security updates may overwrite this setting. > So here is the question > Does openJDK security patches "overwrite" existing "user amended" settings > in the java.security file ?
This is more a question about binaries built from OpenJDK than OpenJDK itself, and how updated binaries are installed. This really depends on how your distribution handles updates to the OpenJDK package. On Fedora and RHEL, the file is treated as a config file. If java.security has been modified, the new version will not overwrite it but will add the new version as java.security.rpmnew. You then need to manually merge the two to get the updates. Other distributions take a similar route, with Gentoo having an 'etc-update' tool to aid in these updates. A few recent security updates have modified this file so as to disable cryptographic algorithms that have become insecure. To avoid missing such updates, it's thus safest not to modify the system version of this file and instead use your own version to override the relevant settings as Sean mentioned. This is especially true if you just want to alter settings for a specific application. > > Thanks, > Vinay > -- Andrew :) Senior Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) PGP Key: ed25519/35964222 (hkp://keys.gnupg.net) Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
