Bug#928185: unblock: openjdk-11/11.0.3+7-4
Hi Tony, On 22-06-2019 01:40, tony mancill wrote: > As of 2019-06-21 23:34:12 UTC, the buildd status page [1] indicates > "BD-Uninstallable": > >> Dependency installability problem for openjdk-11 on arm64: >> >> Installability of build dependencies not tested yet > > I'm not sure what that means. Perhaps it needs to be poked again? BD-Uninstallable is the state where the package is put when it is given-back [1]. So everything was fine. The package now is building again. Paul [1] https://release.debian.org/wanna-build.html signature.asc Description: OpenPGP digital signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
On Fri, Jun 21, 2019 at 11:18:14PM +0200, Aurelien Jarno wrote: > On 2019-06-21 21:40, Steve McIntyre wrote: > > > I know there have been disk issues reported on one of the new machines > > (yay!), possibly that's the cause here. I don't have direct login > > access myself to be able to check. Aurelien - could you take a look > > The failure on arm-ubc-02 is just due to the VM shutting down, likely > when there was some issues with the disk or migrating the VMs. That's > why the package has been given-back immediately. Hi Aurelien, As of 2019-06-21 23:34:12 UTC, the buildd status page [1] indicates "BD-Uninstallable": > Dependency installability problem for openjdk-11 on arm64: > > Installability of build dependencies not tested yet I'm not sure what that means. Perhaps it needs to be poked again? Thank you for helping us with this! tony [1] https://buildd.debian.org/status/package.php?p=openjdk-11=buster signature.asc Description: PGP signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Hi, On 2019-06-21 21:40, Steve McIntyre wrote: > On Fri, Jun 21, 2019 at 04:29:18PM -0400, Sam Hartman wrote: > >> "tony" == tony mancill writes: > > > >tony> Hi Paul, > > > >tony> I emailed ar...@buildd.debian.org regarding that this morning > >tony> (at 13:35 UTC), but haven't received a response yet. Perhaps > >tony> related, but the first arm64 build failed for the upload to > >tony> unstable last week. The build failed on arm-ubc-02 but then > >tony> succeeded on arm-conova-02. I don't know if someone manually > >tony> triggered the retry, but a few hours after the arm64 failure, > >tony> another build was underway and successful. > > > >Happened to be in the room with SteMcIntyre, who is not actually an > >arm64 buildd admin, but who volunteered to prod people. > >He also suggested that you could copy the debian-arm list as well as > >buildd admins. > Hey Tony, > > Looking at that log now... > > The build is running and failing on arm-ubc-03, which is one of the > new buildds at UBC that have just been recently commissioned. It's odd > that there's no explicit failure message for the build, just a build > timeout. The new buildds are way slower per core than the existing arm64 buildds, however they also have much more cores. It means that some timeout might have to be adjusted. For now I have given-back the package, let's see what happens. > I know there have been disk issues reported on one of the new machines > (yay!), possibly that's the cause here. I don't have direct login > access myself to be able to check. Aurelien - could you take a look The failure on arm-ubc-02 is just due to the VM shutting down, likely when there was some issues with the disk or migrating the VMs. That's why the package has been given-back immediately. Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net
Bug#928185: unblock: openjdk-11/11.0.3+7-4
On Fri, Jun 21, 2019 at 04:29:18PM -0400, Sam Hartman wrote: >> "tony" == tony mancill writes: > >tony> Hi Paul, > >tony> I emailed ar...@buildd.debian.org regarding that this morning >tony> (at 13:35 UTC), but haven't received a response yet. Perhaps >tony> related, but the first arm64 build failed for the upload to >tony> unstable last week. The build failed on arm-ubc-02 but then >tony> succeeded on arm-conova-02. I don't know if someone manually >tony> triggered the retry, but a few hours after the arm64 failure, >tony> another build was underway and successful. > >Happened to be in the room with SteMcIntyre, who is not actually an >arm64 buildd admin, but who volunteered to prod people. >He also suggested that you could copy the debian-arm list as well as >buildd admins. Hey Tony, Looking at that log now... The build is running and failing on arm-ubc-03, which is one of the new buildds at UBC that have just been recently commissioned. It's odd that there's no explicit failure message for the build, just a build timeout. I know there have been disk issues reported on one of the new machines (yay!), possibly that's the cause here. I don't have direct login access myself to be able to check. Aurelien - could you take a look please? -- Steve McIntyre, Cambridge, UK.st...@einval.com < Aardvark> I dislike C++ to start with. C++11 just seems to be handing rope-creating factories for users to hang multiple instances of themselves.
Bug#928185: unblock: openjdk-11/11.0.3+7-4
> "tony" == tony mancill writes: tony> Hi Paul, tony> I emailed ar...@buildd.debian.org regarding that this morning tony> (at 13:35 UTC), but haven't received a response yet. Perhaps tony> related, but the first arm64 build failed for the upload to tony> unstable last week. The build failed on arm-ubc-02 but then tony> succeeded on arm-conova-02. I don't know if someone manually tony> triggered the retry, but a few hours after the arm64 failure, tony> another build was underway and successful. Happened to be in the room with SteMcIntyre, who is not actually an arm64 buildd admin, but who volunteered to prod people. He also suggested that you could copy the debian-arm list as well as buildd admins.
Bug#928185: unblock: openjdk-11/11.0.3+7-4
On Fri, Jun 21, 2019 at 09:35:29PM +0200, Paul Gevers wrote: > Hi tony, > > On 20-06-2019 15:44, tony mancill wrote: > > I interpret this exchange to mean that 11.0.3+7-5 is still the version > > preferred by the OpenJDK Team and so have uploaded that, built against > > buster and with distribution set the buster. > > > > Let me know if I misinterpreted and should upload with a different > > version, and thank you for the discussion and patience with this one. > > The build on arm64 failed. Can you please investigate? > > https://buildd.debian.org/status/fetch.php?pkg=openjdk-11=arm64=11.0.3%2B7-5=1561082322=0 Hi Paul, I emailed ar...@buildd.debian.org regarding that this morning (at 13:35 UTC), but haven't received a response yet. Perhaps related, but the first arm64 build failed for the upload to unstable last week. The build failed on arm-ubc-02 but then succeeded on arm-conova-02. I don't know if someone manually triggered the retry, but a few hours after the arm64 failure, another build was underway and successful. I mention the machine names because arm-ubc-02 and arm-ubc-03 are running the same version of sbuild, which is newer than the version of sbuild running on arm-conova-02. But perhaps there are other differences as well. If I don't hear something back by tonight, I'll try to reach the arm64 buildd admins via IRC. Thanks, tony signature.asc Description: PGP signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Hi tony, On 20-06-2019 15:44, tony mancill wrote: > I interpret this exchange to mean that 11.0.3+7-5 is still the version > preferred by the OpenJDK Team and so have uploaded that, built against > buster and with distribution set the buster. > > Let me know if I misinterpreted and should upload with a different > version, and thank you for the discussion and patience with this one. The build on arm64 failed. Can you please investigate? https://buildd.debian.org/status/fetch.php?pkg=openjdk-11=arm64=11.0.3%2B7-5=1561082322=0 Paul signature.asc Description: OpenPGP digital signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
On Wed, Jun 19, 2019 at 10:48:29PM +0200, Matthias Klose wrote: > On 19.06.19 22:03, Paul Gevers wrote: > > Hi Tony, > > > > On 18-06-2019 22:14, tony mancill wrote: > >> Things are looking good so far with 11.0.4+4+really11.0.3+7 in unstable, > >> and so I would like to prepare the t-p-u upload. At the moment, the > >> version I have is 11.0.3+7-5, since that would have been the "next" > >> 11.0.3+7 Debian revision for unstable. The 11.0.3+7 orig.tar.xz already > >> in the archive is the same one used for the "really" to unstable and > >> this build, and this versioning makes it clear to users what they are > >> getting. The resulting changelog would be: > >> > >>> diff -Nru openjdk-11-11.0.4+4+really11.0.3+7/debian/changelog > >>> openjdk-11-11.0.3+7/debian/changelog > >>> --- openjdk-11-11.0.4+4+really11.0.3+7/debian/changelog 2019-06-14 > >>> 12:28:25.0 -0700 > >>> +++ openjdk-11-11.0.3+7/debian/changelog 2019-06-16 11:24:19.0 > >>> -0700 > >>> @@ -1,3 +1,10 @@ > >>> +openjdk-11 (11.0.3+7-5) buster; urgency=medium > >>> + > >>> + * Team upload. > >>> + * Upload 11.0.4+4+realy11.0.3+7-2 to buster t-p-u. > >>> + > >>> + -- tony mancill Sun, 16 Jun 2019 11:24:19 -0700 > >> > >> Is this acceptable to the Release Team? If not, (and I know there have > >> been some differing opinions), how shall we version the t-p-u package? > > > > I think the most logical version would be 11.0.3+7-4+deb10u1, as this is > > a targeted upload to buster. > > let's use a version which also can be nicely used for the backports upload. > > > I don't have a strong opinion on it. I > > still don't like it we go via tpu but I understand the ranting argument. > > this will be very short-lived until the final 11.0.4 release to be uploaded > into > security. I interpret this exchange to mean that 11.0.3+7-5 is still the version preferred by the OpenJDK Team and so have uploaded that, built against buster and with distribution set the buster. Let me know if I misinterpreted and should upload with a different version, and thank you for the discussion and patience with this one. Cheers, tony signature.asc Description: PGP signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
On 19.06.19 22:03, Paul Gevers wrote: > Hi Tony, > > On 18-06-2019 22:14, tony mancill wrote: >> Things are looking good so far with 11.0.4+4+really11.0.3+7 in unstable, >> and so I would like to prepare the t-p-u upload. At the moment, the >> version I have is 11.0.3+7-5, since that would have been the "next" >> 11.0.3+7 Debian revision for unstable. The 11.0.3+7 orig.tar.xz already >> in the archive is the same one used for the "really" to unstable and >> this build, and this versioning makes it clear to users what they are >> getting. The resulting changelog would be: >> >>> diff -Nru openjdk-11-11.0.4+4+really11.0.3+7/debian/changelog >>> openjdk-11-11.0.3+7/debian/changelog >>> --- openjdk-11-11.0.4+4+really11.0.3+7/debian/changelog 2019-06-14 >>> 12:28:25.0 -0700 >>> +++ openjdk-11-11.0.3+7/debian/changelog2019-06-16 11:24:19.0 >>> -0700 >>> @@ -1,3 +1,10 @@ >>> +openjdk-11 (11.0.3+7-5) buster; urgency=medium >>> + >>> + * Team upload. >>> + * Upload 11.0.4+4+realy11.0.3+7-2 to buster t-p-u. >>> + >>> + -- tony mancill Sun, 16 Jun 2019 11:24:19 -0700 >> >> Is this acceptable to the Release Team? If not, (and I know there have >> been some differing opinions), how shall we version the t-p-u package? > > I think the most logical version would be 11.0.3+7-4+deb10u1, as this is > a targeted upload to buster. let's use a version which also can be nicely used for the backports upload. > I don't have a strong opinion on it. I > still don't like it we go via tpu but I understand the ranting argument. this will be very short-lived until the final 11.0.4 release to be uploaded into security. > Let's end this saga. please do.
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Hi Tony, On 18-06-2019 22:14, tony mancill wrote: > Things are looking good so far with 11.0.4+4+really11.0.3+7 in unstable, > and so I would like to prepare the t-p-u upload. At the moment, the > version I have is 11.0.3+7-5, since that would have been the "next" > 11.0.3+7 Debian revision for unstable. The 11.0.3+7 orig.tar.xz already > in the archive is the same one used for the "really" to unstable and > this build, and this versioning makes it clear to users what they are > getting. The resulting changelog would be: > >> diff -Nru openjdk-11-11.0.4+4+really11.0.3+7/debian/changelog >> openjdk-11-11.0.3+7/debian/changelog >> --- openjdk-11-11.0.4+4+really11.0.3+7/debian/changelog 2019-06-14 >> 12:28:25.0 -0700 >> +++ openjdk-11-11.0.3+7/debian/changelog 2019-06-16 11:24:19.0 >> -0700 >> @@ -1,3 +1,10 @@ >> +openjdk-11 (11.0.3+7-5) buster; urgency=medium >> + >> + * Team upload. >> + * Upload 11.0.4+4+realy11.0.3+7-2 to buster t-p-u. >> + >> + -- tony mancill Sun, 16 Jun 2019 11:24:19 -0700 > > Is this acceptable to the Release Team? If not, (and I know there have > been some differing opinions), how shall we version the t-p-u package? I think the most logical version would be 11.0.3+7-4+deb10u1, as this is a targeted upload to buster. I don't have a strong opinion on it. I still don't like it we go via tpu but I understand the ranting argument. Let's end this saga. Paul signature.asc Description: OpenPGP digital signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
On Wed, Jun 12, 2019 at 10:26:02PM +0200, Paul Gevers wrote: > Hi, > > On 12-06-2019 21:54, Emmanuel Bourg wrote: > > Le 12/06/2019 à 20:38, Paul Gevers a écrit : > > > >> Can you explain why, please? > > > > You mean why not using the +really version in testing? Because that's > > ugly and confusing for the end users I guess. > > I'd still like Matthias to confirm, but that is not a good reason from > the release teams point of view. We have quite a few +really versions > already, one more won't hurt. Hi Paul, Things are looking good so far with 11.0.4+4+really11.0.3+7 in unstable, and so I would like to prepare the t-p-u upload. At the moment, the version I have is 11.0.3+7-5, since that would have been the "next" 11.0.3+7 Debian revision for unstable. The 11.0.3+7 orig.tar.xz already in the archive is the same one used for the "really" to unstable and this build, and this versioning makes it clear to users what they are getting. The resulting changelog would be: > diff -Nru openjdk-11-11.0.4+4+really11.0.3+7/debian/changelog > openjdk-11-11.0.3+7/debian/changelog > --- openjdk-11-11.0.4+4+really11.0.3+7/debian/changelog 2019-06-14 > 12:28:25.0 -0700 > +++ openjdk-11-11.0.3+7/debian/changelog 2019-06-16 11:24:19.0 > -0700 > @@ -1,3 +1,10 @@ > +openjdk-11 (11.0.3+7-5) buster; urgency=medium > + > + * Team upload. > + * Upload 11.0.4+4+realy11.0.3+7-2 to buster t-p-u. > + > + -- tony mancill Sun, 16 Jun 2019 11:24:19 -0700 Is this acceptable to the Release Team? If not, (and I know there have been some differing opinions), how shall we version the t-p-u package? Thank you, tony signature.asc Description: PGP signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
On 12.06.19 00:37, Moritz Mühlenhoff wrote: > On Mon, Jun 10, 2019 at 09:46:41PM -0700, tony mancill wrote: >> I am not a member of the OpenJDK team and contributed far less to the >> JDK 8 -> 11 transition than Emmanuel has. If he and Matthias are in >> agreement and the plan is palatable to the Release and Security Teams, >> that's ideal. > > I don't have any preference either, just adding my 2 cents here; with > our buster release set to 6th of July and the next Oracle CPU set for > July 16, we'll ship a non-GA release of Java for maybe two, at most three > weeks (as buster-security will rebase to the next openjdk-11 following > the CPU). I'm also fairly sure we've shipped non-GA releases for openjdk-8 > before? yes, until reccently we didn't have any source releases, so I prepared packages from the last tag leading to the GA release, and then we applied the security patches on top of that. Matthias
Bug#928185: unblock: openjdk-11/11.0.3+7-4
On 12.06.19 20:38, Paul Gevers wrote: > Hi Matthias, > > On 12-06-2019 10:33, Emmanuel Bourg wrote: >> I talked to Matthias on IRC yesterday, he was ok with the +really >> version in unstable only as a testbed for a tpu upload with a sane version. > > Can you explain why, please? because we had so much fun with rants about versioning questions for OpenJDK. Just avoiding that would be nice.
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Hi, On 12-06-2019 21:54, Emmanuel Bourg wrote: > Le 12/06/2019 à 20:38, Paul Gevers a écrit : > >> Can you explain why, please? > > You mean why not using the +really version in testing? Because that's > ugly and confusing for the end users I guess. I'd still like Matthias to confirm, but that is not a good reason from the release teams point of view. We have quite a few +really versions already, one more won't hurt. Paul signature.asc Description: OpenPGP digital signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Le 12/06/2019 à 20:38, Paul Gevers a écrit : > Can you explain why, please? You mean why not using the +really version in testing? Because that's ugly and confusing for the end users I guess. Emmanuel Bourg
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Hi Matthias, On 12-06-2019 10:33, Emmanuel Bourg wrote: > I talked to Matthias on IRC yesterday, he was ok with the +really > version in unstable only as a testbed for a tpu upload with a sane version. Can you explain why, please? Paul signature.asc Description: OpenPGP digital signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Le 12/06/2019 à 07:09, tony mancill a écrit : > Regarding t-p-u and/or unstable, a source package and build of > 11.0.4+4+really11.0.3+7 can be found here: > > https://people.debian.org/~tmancill/openjdk-11/ Thank you! > The interdiff [1] between this build and the 11.0.3+7-5 discussed > previously in this thread and this build is small (as would be > expected). The debdiff [2] against 11.0.4+4-1 is (predictably) huge, as > it reverts all of the 11.0.4 development. The changes look good to me. > Decision time... :) I talked to Matthias on IRC yesterday, he was ok with the +really version in unstable only as a testbed for a tpu upload with a sane version. So we can proceed as follows: 1. Upload 11.0.4+4+really11.0.3+7-1 to unstable today 2. Do *not* unblock openjdk-11, the +really version is for unstable only 3. Test 11.0.3+7 in unstable for a week 4. Upload 11.0.4+4+really11.0.3+7-1 reversioned as 11.0.3+7-5 to testing-proposed-updates on 2019-06-20. Emmanuel Bourg
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Le 12/06/2019 à 00:37, Moritz Mühlenhoff a écrit : > I'm also fairly sure we've shipped non-GA releases for openjdk-8 before? That's true but the situation for OpenJDK 8 was slightly different. The GA releases weren't clearly identified by upstream and the code for alternative architectures (aarch32/64) wasn't always in sync with the main branch. With OpenJDK 11 the GA releases are now properly tagged as such by upstream and the architectures supported are all in the same tree. So from now on we have no excuse to keep uploading early access releases to Debian stable. Emmanuel Bourg
Bug#928185: unblock: openjdk-11/11.0.3+7-4
On Wed, Jun 12, 2019 at 12:37:11AM +0200, Moritz Mühlenhoff wrote: > On Mon, Jun 10, 2019 at 09:46:41PM -0700, tony mancill wrote: > > I am not a member of the OpenJDK team and contributed far less to the > > JDK 8 -> 11 transition than Emmanuel has. If he and Matthias are in > > agreement and the plan is palatable to the Release and Security Teams, > > that's ideal. > > I don't have any preference either, just adding my 2 cents here; with > our buster release set to 6th of July and the next Oracle CPU set for > July 16, we'll ship a non-GA release of Java for maybe two, at most three > weeks (as buster-security will rebase to the next openjdk-11 following > the CPU). I'm also fairly sure we've shipped non-GA releases for openjdk-8 > before? > > In any case, whether we go with t-p-u or unblocking the sid version, > we should fix a solution before the release and not ship buster with > the unfixed issues from the April CPU :-) Regarding t-p-u and/or unstable, a source package and build of 11.0.4+4+really11.0.3+7 can be found here: https://people.debian.org/~tmancill/openjdk-11/ The interdiff [1] between this build and the 11.0.3+7-5 discussed previously in this thread and this build is small (as would be expected). The debdiff [2] against 11.0.4+4-1 is (predictably) huge, as it reverts all of the 11.0.4 development. The packaging changes against unstable are also attached. I have done some basic smoke-testing of the 11.0.4+4+really11.0.3+7 packages - e.g. running zookeeper and building a few packages that depend on the JDK. The version reported by JVM is: > $ java -version > openjdk version "11.0.3" 2019-04-16 > OpenJDK Runtime Environment (build 11.0.3+7-post-Debian-1) > OpenJDK 64-Bit Server VM (build 11.0.3+7-post-Debian-1, mixed mode, sharing) Note that the date reported is part of JDK. Even the current version in buster, which was uploaded in February, reports the future "GA" date: > $ java -version > openjdk version "11.0.3" 2019-04-16 > OpenJDK Runtime Environment (build 11.0.3+1-Debian-1) > OpenJDK 64-Bit Server VM (build 11.0.3+1-Debian-1, mixed mode, sharing) Decision time... :) Thanks, tony [1] https://people.debian.org/~tmancill/openjdk-11/interdiff_buster_11.0.3+7+5_vs_11.0.4+4+really11.0.3+7-1.diff [2] https://people.debian.org/~tmancill/openjdk-11/11.0.4+4-1.dsc_vs_11.0.4+4+really11.0.3+7-1.dsc.debdiff diff --git a/debian/changelog b/debian/changelog index af1e3ee8a..eeba772dd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +openjdk-11 (11.0.4+4+really11.0.3+7-1) unstable; urgency=medium + + * Team upload. + * Revert upstream sources to GA release 11.0.3+7. + * Disable workaround_expand_exec_shield_cs_limit.diff and +hotspot-disable-exec-shield-workaround.diff patches + * No longer try to install jspawnhelper. + + -- tony mancill Mon, 10 Jun 2019 19:16:00 -0700 + openjdk-11 (11.0.4+4-1) unstable; urgency=medium * OpenJDK 11.0.4+4 build (early access). diff --git a/debian/patches/series b/debian/patches/series index 8d10621eb..d057ce0af 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -6,7 +6,7 @@ icedtea-override-redirect-compiz.diff libpcsclite-dlopen.diff jexec.diff default-jvm-cfg.diff -workaround_expand_exec_shield_cs_limit.diff +#workaround_expand_exec_shield_cs_limit.diff adlc-parser.diff multiple-pkcs11-library-init.diff s390x-thread-stack-size.diff @@ -20,7 +20,7 @@ machine-flag.diff zero-x32.diff mips-sigset.diff # s390x-zEC12.diff -hotspot-disable-exec-shield-workaround.diff +#hotspot-disable-exec-shield-workaround.diff atk-wrapper-security.diff # java-access-bridge-security.diff # jdk-pulseaudio.diff diff --git a/debian/rules b/debian/rules index 0a12fba23..3ee4fc237 100755 --- a/debian/rules +++ b/debian/rules @@ -91,7 +91,9 @@ else endif jvmver = 1.11.0 shortver = 11 -v_upstream := $(shell echo $(PKGVERSION) | sed 's/-[^-][^-]*$$//') +#v_upstream := $(shell echo $(PKGVERSION) | sed 's/-[^-][^-]*$$//') +#v_pkgrel := $(shell echo $(PKGVERSION) | sed 's/^.*-//') +v_upstream := 11.0.3+7 v_pkgrel := $(shell echo $(PKGVERSION) | sed 's/^.*-//') # FIXME. currently v_upstream like 11~4 v_upbase := $(word 1, $(subst +, , $(v_upstream))) @@ -100,9 +102,9 @@ v_upbuild := $(word 2, $(subst +, , $(v_upstream))) #v_upbuild := $(word 2, $(subst ~, , $(v_upstream))) # that should be the package version ... -ifneq ($(PKGVERSION),$(v_upbase)+$(v_upbuild)-$(v_pkgrel)) - $(error wrong version: $(v_upbase)+$(v_upbuild)-$(v_pkgrel) should be: $(PKGVERSION)) -endif +#ifneq ($(PKGVERSION),$(v_upbase)+$(v_upbuild)-$(v_pkgrel)) +# $(error wrong version: $(v_upbase)+$(v_upbuild)-$(v_pkgrel) should be: $(PKGVERSION)) +#endif #ifneq ($(PKGVERSION),$(v_upbase)~$(v_upbuild)-$(v_pkgrel)) # $(error wrong version: $(v_upbase)~$(v_upbuild)-$(v_pkgrel) should be: $(PKGVERSION)) #endif @@ -1201,7 +1203,6 @@ endif echo '$(basedir)/lib/jli/libjli.so'; \ echo '$(basedir)/lib/ct.sym'; \ echo
Bug#928185: unblock: openjdk-11/11.0.3+7-4
On Mon, Jun 10, 2019 at 09:46:41PM -0700, tony mancill wrote: > I am not a member of the OpenJDK team and contributed far less to the > JDK 8 -> 11 transition than Emmanuel has. If he and Matthias are in > agreement and the plan is palatable to the Release and Security Teams, > that's ideal. I don't have any preference either, just adding my 2 cents here; with our buster release set to 6th of July and the next Oracle CPU set for July 16, we'll ship a non-GA release of Java for maybe two, at most three weeks (as buster-security will rebase to the next openjdk-11 following the CPU). I'm also fairly sure we've shipped non-GA releases for openjdk-8 before? In any case, whether we go with t-p-u or unblocking the sid version, we should fix a solution before the release and not ship buster with the unfixed issues from the April CPU :-) Cheers, Moritz
Bug#928185: unblock: openjdk-11/11.0.3+7-4
On Tue, Jun 11, 2019 at 01:20:30AM +0200, Emmanuel Bourg wrote: > Le 10/06/2019 à 21:12, Sam Hartman a écrit : > > > My position is that the openjdk maintainers should make this decision > > based on what is best for our users based on the quality of the > > software. > > There is little doubt the OpenJDK users want the latest stable release > for their stable systems, and not an intermediary early access release. > > > > If our reputation is tarnished for doing the right thing, then perhaps > > tarnish is in. > > *sighs* > > It's your call Matthias then. > > It's a bit sad that after the countless hours poured over the last two > years into the transition to OpenJDK 11 my voice has no weight on this > final decision. We're in an awkward situation with respect to the JVM in the release, and I apologize for making it more awkward by second-guessing myself in the middle of a bug report. Avoiding a release with an early-access build of the JVM is why I got involved in the first place. Paul's comment about testing gave me pause; the thought of adequate testing at this stage of the release cycle (and then again for the security release of 11.0.4 GA) is daunting. For now, I am building a 11.0.4+4+really11.0.3+7-1 package as discussed. Once it completes successfully and passes some smoketests, I will follow-up with a link to the debdiff and binaries. I am not a member of the OpenJDK team and contributed far less to the JDK 8 -> 11 transition than Emmanuel has. If he and Matthias are in agreement and the plan is palatable to the Release and Security Teams, that's ideal. Thanks, tony signature.asc Description: PGP signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Le 10/06/2019 à 21:12, Sam Hartman a écrit : > My position is that the openjdk maintainers should make this decision > based on what is best for our users based on the quality of the > software. There is little doubt the OpenJDK users want the latest stable release for their stable systems, and not an intermediary early access release. > If our reputation is tarnished for doing the right thing, then perhaps > tarnish is in. *sighs* It's your call Matthias then. It's a bit sad that after the countless hours poured over the last two years into the transition to OpenJDK 11 my voice has no weight on this final decision. Emmanuel Bourg
Bug#928185: unblock: openjdk-11/11.0.3+7-4
> "Emmanuel" == Emmanuel Bourg writes: Emmanuel> Le 10/06/2019 à 18:22, Sam Hartman a écrit : >> we release with pre-releases for other packages all the time when >> maintainers believe that's the right call to make. This is an >> area where we trust maintainers to decide what the right choice >> is for Debian. Sometimes they disagree with upstream's call on >> this point. Emmanuel> I know this happens for other packages, but that doesn't Emmanuel> mean we should do it for OpenJDK too. This practice is Emmanuel> generally frowned upon by upstream and the community. If Emmanuel> we insist on this way with OpenJDK our reputation will be Emmanuel> durably tarnished. Emmanuel> Emmanuel Bourg My position is that the openjdk maintainers should make this decision based on what is best for our users based on the quality of the software. If our reputation is tarnished for doing the right thing, then perhaps tarnish is in.
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Le 10/06/2019 à 18:22, Sam Hartman a écrit : > we release with pre-releases for other packages all the time when > maintainers believe that's the right call to make. > This is an area where we trust maintainers to decide what the right > choice is for Debian. Sometimes they disagree with upstream's call on > this point. I know this happens for other packages, but that doesn't mean we should do it for OpenJDK too. This practice is generally frowned upon by upstream and the community. If we insist on this way with OpenJDK our reputation will be durably tarnished. Emmanuel Bourg
Bug#928185: unblock: openjdk-11/11.0.3+7-4
> "Emmanuel" == Emmanuel Bourg writes: Emmanuel> Le 10/06/2019 à 16:18, tony mancill a écrit : >> Emmanuel, I recognize that I am reversing position turn on this. >> I know that you had expressed reservations about shipping with an >> EA version as well. I took a look at the diffs between 11.0.3+7 >> and 11.0.4+4, and all though there are a lot of them, they don't >> look particularly scary. Do you have specific concerns? Emmanuel> My concern is that Debian will be bashed for releasing Emmanuel> Buster with a pre-release of 11.0.4. Pre-releases should Emmanuel> never hit a stable distribution. we release with pre-releases for other packages all the time when maintainers believe that's the right call to make. This is an area where we trust maintainers to decide what the right choice is for Debian. Sometimes they disagree with upstream's call on this point.
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Le 10/06/2019 à 16:18, tony mancill a écrit : > Emmanuel, I recognize that I am reversing position turn on this. I know > that you had expressed reservations about shipping with an EA version as > well. I took a look at the diffs between 11.0.3+7 and 11.0.4+4, and > all though there are a lot of them, they don't look particularly scary. > Do you have specific concerns? My concern is that Debian will be bashed for releasing Buster with a pre-release of 11.0.4. Pre-releases should never hit a stable distribution. So either the Release Team is confident Buster won't be released before the second half of July, and we can unlock 11.0.4+4-1 from unstable now an upgrade it before the release, or we rollback to 11.0.3+7. Personally I'm fine with the proposed upload of +really11.0.3+7-1 to unstable for a week to give more assurance of its stability (but I don't expect any bad surprise, 11.0.3+7 has been in stretch-backports for two weeks now and no issue has been raised so far). Emmanuel Bourg
Bug#928185: unblock: openjdk-11/11.0.3+7-4
On Sun, Jun 09, 2019 at 04:19:53PM -0700, tony mancill wrote: > On Sun, Jun 09, 2019 at 09:54:50PM +0200, Paul Gevers wrote: > > Hi, > > > > On 05-06-2019 22:28, Paul Gevers wrote: > > > I really want bug 900912 and 925071 fixed. It seems that is missing from > > > your second approach. Let me sleep on it. What are the chances of you > > > agreeing on doing the +really upstream version dance such that we can > > > get some testing done in unstable? > > > > Hmm, I forgot I hinted at a follow up from me while I was waiting for a > > response from you. > > > > Let's get this thing moving. We are running out of time (I do want to > > have some time where the package is actually used before the release). I > > still prefer a version via unstable that I can approve from there, but > > if this is too difficult because of version mangling (hinted in > > private), than please upload to tpu. You asked my preference for two > > versions by you, I suggest to go with the version based on the highest > > one that has been in unstable already. > > Hi Paul, > > I thought perhaps there was a side conversation going on, so thank you > for resuming the thread. Of the two debdiffs I included before, neither > was based on the current version in unstable, 11.0.4+4-1. I will start > with that package and patch upstream back to 11.0.3+7. > > For an upload to unstable the version will be: > > 11.0.4+4+really11.0.3+7-1 > > which will also roll unstable back to the upstream GA release. Hi Paul, I have been thinking about risk (to our users) and adequate testing and now believe that I should revisit my position that buster should ship with 11.0.3+7 (the 11.0.3 GA). From what I understand, the Security Team is willing to take the 11.0.4 GA once it is available in July: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928185#67 In that case, instead of taking buster through this sequence: 11.0.3+1 (buster now) -> 11.0.3+7 (soon) -> 11.0.4 GA (July) It seems less disruptive and allow for more testing to do: 11.0.4+4 (in unstable now) -> 11.0.4 GA (July) This addresses the open CVEs in buster and the 2 important bugs Paul mentions above. It will also give us more time to test against 11.0.4 before distributing it via security updates. As a minor bonus, it also avoids downgrading the JVM in unstable and doing odd things to the versioning and packaging repo. This aligns with what Matthias proposed here: https://lists.debian.org/debian-java/2019/06/msg2.html Emmanuel, I recognize that I am reversing position turn on this. I know that you had expressed reservations about shipping with an EA version as well. I took a look at the diffs between 11.0.3+7 and 11.0.4+4, and all though there are a lot of them, they don't look particularly scary. Do you have specific concerns? In summary, what if we update this unblock to apply to the current version in unstable? Thanks, tony signature.asc Description: PGP signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
On Sun, Jun 09, 2019 at 09:54:50PM +0200, Paul Gevers wrote: > Hi, > > On 05-06-2019 22:28, Paul Gevers wrote: > > I really want bug 900912 and 925071 fixed. It seems that is missing from > > your second approach. Let me sleep on it. What are the chances of you > > agreeing on doing the +really upstream version dance such that we can > > get some testing done in unstable? > > Hmm, I forgot I hinted at a follow up from me while I was waiting for a > response from you. > > Let's get this thing moving. We are running out of time (I do want to > have some time where the package is actually used before the release). I > still prefer a version via unstable that I can approve from there, but > if this is too difficult because of version mangling (hinted in > private), than please upload to tpu. You asked my preference for two > versions by you, I suggest to go with the version based on the highest > one that has been in unstable already. Hi Paul, I thought perhaps there was a side conversation going on, so thank you for resuming the thread. Of the two debdiffs I included before, neither was based on the current version in unstable, 11.0.4+4-1. I will start with that package and patch upstream back to 11.0.3+7. For an upload to unstable the version will be: 11.0.4+4+really11.0.3+7-1 which will also roll unstable back to the upstream GA release. More soon - thank you, tony signature.asc Description: PGP signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Hi, On 05-06-2019 22:28, Paul Gevers wrote: > I really want bug 900912 and 925071 fixed. It seems that is missing from > your second approach. Let me sleep on it. What are the chances of you > agreeing on doing the +really upstream version dance such that we can > get some testing done in unstable? Hmm, I forgot I hinted at a follow up from me while I was waiting for a response from you. Let's get this thing moving. We are running out of time (I do want to have some time where the package is actually used before the release). I still prefer a version via unstable that I can approve from there, but if this is too difficult because of version mangling (hinted in private), than please upload to tpu. You asked my preference for two versions by you, I suggest to go with the version based on the highest one that has been in unstable already. Paul signature.asc Description: OpenPGP digital signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Hi Tony, Emmanuel, Matthias, On 05-06-2019 08:07, tony mancill wrote: > On Tue, Jun 04, 2019 at 09:36:56PM +0200, Paul Gevers wrote: >> Ping... [fixed borked address of doko and added Tony] >> >> On 29-05-2019 20:22, Paul Gevers wrote: >>> Control: tags -1 928185 moreinfo >>> Control: reopen -1 >>> >>> Hi, >>> >>> On 28-05-2019 23:50, Emmanuel Bourg wrote: Tony Mancill has prepared the tpu upload yesterday and Matthias was ok with 11.0.3+7 in testing [1]. >>> >>> Can I see a debdiff please? >>> Unless Buster is expected at the end of July I'd advise against having 11.0.4+2 in testing. This version is an early access release, the final 11.0.4 release is expected on July 16th [2]. Debian is currently being criticized [3] for allowing EA versions of OpenJDK in Debian stable, I think it's important to ship Buster with a GA release. >>> >>> Then please refrain from uploading the wrong version to unstable, we >>> have experimental for that. TPU doesn't get much testing, and for sure >>> isn't covered well by our QA yet. So having such a high profile package >>> with so much changes going through tpu is awkward. > > Hi Paul! > > Thank you for copying me on this as I missed this bug, despite being > part of a related thread on debian-java [1] (that probably mentions it > somewhere). Also, aside from sponsoring an upload of openjdk-8 to > experimental for Tiago last year, I haven't worked much with the openjdk > packaging and so am trying to come up to speed. However, I do think > it's important that Buster ship with a "GA" version of openjdk-11 (if > possible), which is why I have volunteered to help. > > I've looked at a couple different approaches, both of which result in > large debdiffs. > > The first is to take Matthias' upload of 11.0.3+7-4 to unstable [2] and > then revert the jdk11u-dev updates patch as per a suggestion made by > Emmanuel in IRC. The resulting debdiff against the current package in > buster is about 310k [3]. > > The second approach was to go back to the 11.0.3+1-1 package in buster > and then import upstream 11.0.3+7, resulting in a debdiff of 270k [4]. > (I am numbered this 11.0.3+7-1 for my local build, since that's still > less than the version in unable, but let's ignore the package revision > for now.) My hope was that the second approach would result in a smaller > diff to make it more palatable to the Release Team, but 270k is big. > > Note that the second approach is essentially the one Emmanuel took with > openjdk-11 backport for stretch [5]. The reason the debdiff is smaller > is because debian/patches/changes-from-11.0.3+1-to-11.0.3+7.patch > doesn't prunes the changes to upstream tests that changed between those > releases. Or to put it another way, most of the large debdiff is due to > tests, not changes to the runtime. > > All that said, I'm not well-versed in all of the packaging changes made > since the freeze and haven't formed a strong opinion on which approach > is better for Buster. At a minimum we need to address the CVEs present > in 11.0.3+1, so the idea with jumping to 11.0.3+7 is that we address the > security issues and are building from an upstream GA tag instead of an > early-access tag. > > Sorry for the book - I know all you asked for was the debdiff... > > Thanks, > tony > > [1] https://lists.debian.org/debian-java/2019/05/msg7.html > [2] > https://tracker.debian.org/news/1038802/accepted-openjdk-11-11037-4-source-into-unstable/ > [3] > https://people.debian.org/~tmancill/openjdk-11/11.0.3+1-1.dsc_vs_11.0.3+7-5.dsc.debdiff > [4] > https://people.debian.org/~tmancill/openjdk-11/buster_minimal_11.0.3+1-1_11.0.3+7-1_dsc.debdiff > [5] > https://tracker.debian.org/news/1040268/accepted-openjdk-11-11031-1bpo92-source-amd64-all-into-stretch-backports-backports-policy-stretch-backports/ I really want bug 900912 and 925071 fixed. It seems that is missing from your second approach. Let me sleep on it. What are the chances of you agreeing on doing the +really upstream version dance such that we can get some testing done in unstable? Paul signature.asc Description: OpenPGP digital signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
On Tue, Jun 04, 2019 at 09:36:56PM +0200, Paul Gevers wrote: > Ping... [fixed borked address of doko and added Tony] > > On 29-05-2019 20:22, Paul Gevers wrote: > > Control: tags -1 928185 moreinfo > > Control: reopen -1 > > > > Hi, > > > > On 28-05-2019 23:50, Emmanuel Bourg wrote: > >> Tony Mancill has prepared the tpu upload yesterday and Matthias was ok > >> with 11.0.3+7 in testing [1]. > > > > Can I see a debdiff please? > > > >> Unless Buster is expected at the end of July I'd advise against having > >> 11.0.4+2 in testing. This version is an early access release, the final > >> 11.0.4 release is expected on July 16th [2]. Debian is currently being > >> criticized [3] for allowing EA versions of OpenJDK in Debian stable, I > >> think it's important to ship Buster with a GA release. > > > > Then please refrain from uploading the wrong version to unstable, we > > have experimental for that. TPU doesn't get much testing, and for sure > > isn't covered well by our QA yet. So having such a high profile package > > with so much changes going through tpu is awkward. Hi Paul! Thank you for copying me on this as I missed this bug, despite being part of a related thread on debian-java [1] (that probably mentions it somewhere). Also, aside from sponsoring an upload of openjdk-8 to experimental for Tiago last year, I haven't worked much with the openjdk packaging and so am trying to come up to speed. However, I do think it's important that Buster ship with a "GA" version of openjdk-11 (if possible), which is why I have volunteered to help. I've looked at a couple different approaches, both of which result in large debdiffs. The first is to take Matthias' upload of 11.0.3+7-4 to unstable [2] and then revert the jdk11u-dev updates patch as per a suggestion made by Emmanuel in IRC. The resulting debdiff against the current package in buster is about 310k [3]. The second approach was to go back to the 11.0.3+1-1 package in buster and then import upstream 11.0.3+7, resulting in a debdiff of 270k [4]. (I am numbered this 11.0.3+7-1 for my local build, since that's still less than the version in unable, but let's ignore the package revision for now.) My hope was that the second approach would result in a smaller diff to make it more palatable to the Release Team, but 270k is big. Note that the second approach is essentially the one Emmanuel took with openjdk-11 backport for stretch [5]. The reason the debdiff is smaller is because debian/patches/changes-from-11.0.3+1-to-11.0.3+7.patch doesn't prunes the changes to upstream tests that changed between those releases. Or to put it another way, most of the large debdiff is due to tests, not changes to the runtime. All that said, I'm not well-versed in all of the packaging changes made since the freeze and haven't formed a strong opinion on which approach is better for Buster. At a minimum we need to address the CVEs present in 11.0.3+1, so the idea with jumping to 11.0.3+7 is that we address the security issues and are building from an upstream GA tag instead of an early-access tag. Sorry for the book - I know all you asked for was the debdiff... Thanks, tony [1] https://lists.debian.org/debian-java/2019/05/msg7.html [2] https://tracker.debian.org/news/1038802/accepted-openjdk-11-11037-4-source-into-unstable/ [3] https://people.debian.org/~tmancill/openjdk-11/11.0.3+1-1.dsc_vs_11.0.3+7-5.dsc.debdiff [4] https://people.debian.org/~tmancill/openjdk-11/buster_minimal_11.0.3+1-1_11.0.3+7-1_dsc.debdiff [5] https://tracker.debian.org/news/1040268/accepted-openjdk-11-11031-1bpo92-source-amd64-all-into-stretch-backports-backports-policy-stretch-backports/ signature.asc Description: PGP signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Ping... [fixed borked address of doko and added Tony] On 29-05-2019 20:22, Paul Gevers wrote: > Control: tags -1 928185 moreinfo > Control: reopen -1 > > Hi, > > On 28-05-2019 23:50, Emmanuel Bourg wrote: >> Tony Mancill has prepared the tpu upload yesterday and Matthias was ok >> with 11.0.3+7 in testing [1]. > > Can I see a debdiff please? > >> Unless Buster is expected at the end of July I'd advise against having >> 11.0.4+2 in testing. This version is an early access release, the final >> 11.0.4 release is expected on July 16th [2]. Debian is currently being >> criticized [3] for allowing EA versions of OpenJDK in Debian stable, I >> think it's important to ship Buster with a GA release. > > Then please refrain from uploading the wrong version to unstable, we > have experimental for that. TPU doesn't get much testing, and for sure > isn't covered well by our QA yet. So having such a high profile package > with so much changes going through tpu is awkward. > > Paul signature.asc Description: OpenPGP digital signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Control: tags -1 928185 moreinfo Control: reopen -1 Hi, On 28-05-2019 23:50, Emmanuel Bourg wrote: > Tony Mancill has prepared the tpu upload yesterday and Matthias was ok > with 11.0.3+7 in testing [1]. Can I see a debdiff please? > Unless Buster is expected at the end of July I'd advise against having > 11.0.4+2 in testing. This version is an early access release, the final > 11.0.4 release is expected on July 16th [2]. Debian is currently being > criticized [3] for allowing EA versions of OpenJDK in Debian stable, I > think it's important to ship Buster with a GA release. Then please refrain from uploading the wrong version to unstable, we have experimental for that. TPU doesn't get much testing, and for sure isn't covered well by our QA yet. So having such a high profile package with so much changes going through tpu is awkward. Paul /me still not amused signature.asc Description: OpenPGP digital signature
Processed (with 1 error): Re: Bug#928185: unblock: openjdk-11/11.0.3+7-4
Processing control commands: > tags -1 928185 moreinfo Unknown tag/s: 928185. Recognized are: patch wontfix moreinfo unreproducible help security upstream pending confirmed ipv6 lfs d-i l10n newcomer a11y ftbfs fixed-upstream fixed fixed-in-experimental sid experimental potato woody sarge sarge-ignore etch etch-ignore lenny lenny-ignore squeeze squeeze-ignore wheezy wheezy-ignore jessie jessie-ignore stretch stretch-ignore buster buster-ignore bullseye bullseye-ignore bookworm bookworm-ignore. Bug #928185 {Done: Paul Gevers } [release.debian.org] unblock: openjdk-11/11.0.3+7-4 Added tag(s) moreinfo. > reopen -1 Bug #928185 {Done: Paul Gevers } [release.debian.org] unblock: openjdk-11/11.0.3+7-4 Bug reopened Ignoring request to alter fixed versions of bug #928185 to the same values previously set -- 928185: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928185 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#928185: unblock: openjdk-11/11.0.3+7-4
> "Matthias" == Matthias Klose writes: Matthias> On 29.05.19 00:23, Sam Hartman wrote: >>> "Emmanuel" == Emmanuel Bourg writes: >> >> I'm not on the release team and cannot authorize a TPU. >> >> >> As an interested bystander I'd ask that you make sure any TPU >> contains a fix for the serious accessibility issue in >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900912 Matthias> no. this fix comes very late, and enabling accessibility Matthias> feature broke the normal operation in the past. The Matthias> packages in unstable have a fix which needs manual Matthias> enabling, certainly not ideal, but safe to release. So Matthias> please only backport this fix which is disabled by Matthias> default. Exactly. We agreed that the solution to 900912 for buster was to have the fix disabled by default but available. I'm asking that if we choose to TPU rather than unblock the packages in unstable, we include this fix from unstable. --Sam
Bug#928185: unblock: openjdk-11/11.0.3+7-4
On 29.05.19 00:23, Sam Hartman wrote: >> "Emmanuel" == Emmanuel Bourg writes: > > I'm not on the release team and cannot authorize a TPU. > > > As an interested bystander I'd ask that you make sure any TPU contains a > fix for the serious accessibility issue in > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900912 no. this fix comes very late, and enabling accessibility feature broke the normal operation in the past. The packages in unstable have a fix which needs manual enabling, certainly not ideal, but safe to release. So please only backport this fix which is disabled by default. Matthias
Bug#928185: unblock: openjdk-11/11.0.3+7-4
> "Emmanuel" == Emmanuel Bourg writes: I'm not on the release team and cannot authorize a TPU. As an interested bystander I'd ask that you make sure any TPU contains a fix for the serious accessibility issue in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900912
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Le 28/05/2019 à 22:59, Paul Gevers a écrit : > I was under the impression that doko wanted the current version in > buster and that he and the security team want the next openjdk when it's > ready. Tony Mancill has prepared the tpu upload yesterday and Matthias was ok with 11.0.3+7 in testing [1]. > I unblocked openjdk-11/1.0.4+2-1, but apparently we still have > discussion to be had? I'd like to avoid tpu if possible. Unless Buster is expected at the end of July I'd advise against having 11.0.4+2 in testing. This version is an early access release, the final 11.0.4 release is expected on July 16th [2]. Debian is currently being criticized [3] for allowing EA versions of OpenJDK in Debian stable, I think it's important to ship Buster with a GA release. Emmanuel Bourg [1] https://lists.debian.org/debian-java/2019/05/msg00042.html [2] https://wiki.openjdk.java.net/display/JDKUpdates/JDK11u [3] https://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-May/009330.html
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Hi, On 28-05-2019 22:56, Emmanuel Bourg wrote: > Le 28/05/2019 à 21:41, Paul Gevers a écrit : > >> Thanks for this information, it was valuable. >> >> I'm not happy with the current situation, but I'll let openjdk-11 go >> into buster now. > > Thank you Paul. Should we upload openjdk-11/11.0.3+7-4 to > testing-proposed-updates now? I was under the impression that doko wanted the current version in buster and that he and the security team want the next openjdk when it's ready. I unblocked openjdk-11/1.0.4+2-1, but apparently we still have discussion to be had? I'd like to avoid tpu if possible. Paul PS: I commented by unblock for now signature.asc Description: OpenPGP digital signature
Bug#928185: unblock: openjdk-11/11.0.3+7-4
On Mon, May 27, 2019 at 03:46:44PM +0200, Matthias Klose wrote: > Control: tag -1 - moreinfo > > On 02.05.19 10:30, Julien Cristau wrote: > > Control: tag -1 moreinfo > > > > Hi Matthias, > > > > On Mon, Apr 29, 2019 at 06:12:36PM +0200, Matthias Klose wrote: > >> Package: release.debian.org > >> Severity: normal > >> User: release.debian@packages.debian.org > >> Usertags: unblock > >> > >> Please unblock openjdk-11/11.0.3+7-4. That's the quarterly security update > >> and > >> should be released with buster. No more updates planned until the next > >> security > >> update in July. > > > > From what I understand bug#926009 is a regression in that version. > > There's no explanation that I can see for that change, no associated > > bug, and it doesn't look appropriate. Please revert it. > > No. With the change of ownership of the upstream jdk11-updates project, you > see > that the patches applied to the Oracle builds and to the OpenJDK builds > differ, > and the OpenJDK maintainers need to track issues based on tags in the issue > tracker and backport these changes themself. The LibreOffice packages are > fixed, the gradle tests are not used. Other vendors also ship OpenJDK with > other vendor settings. > > This is a minor change, and we had far more disruptive updates in OpenJDK 11 > itself like many late changes for documentation building. > > I will continue to update the packages to the next security release which is > expected in July. If that's too late for the release, these will most likely > be > handled by the security team. Indeed, there's no point in not unblocking this now for buster; buster-security updates will be based on following the openjdk-11 upstream releases as already done for openjdk-7/8 in jessie/stretch. Cheers, Moritz
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Le 27/05/2019 à 15:46, Matthias Klose a écrit : > I will continue to update the packages to the next security release which is > expected in July. If that's too late for the release, these will most likely > be > handled by the security team. If openjdk-11 gets unblocked for Buster, it would be preferable to allow 11.0.3+7-4 to migrate (the actual 11.0.3 GA release we need in Buster) and not 11.0.4+2-1 which is an intermediary release that won't be finalized until July. I guess this requires an upload to testing-proposed-updates, right? Emmanuel Bourg
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Le 27/05/2019 à 15:46, Matthias Klose a écrit : > No. With the change of ownership of the upstream jdk11-updates project, you > see > that the patches applied to the Oracle builds and to the OpenJDK builds > differ, > and the OpenJDK maintainers need to track issues based on tags in the issue > tracker and backport these changes themself. The LibreOffice packages are > fixed, the gradle tests are not used. Other vendors also ship OpenJDK with > other vendor settings. > > This is a minor change, and we had far more disruptive updates in OpenJDK 11 > itself like many late changes for documentation building. I've reviewed the use of the java.vendor property in Debian and the occurrences I've found are either not used (in disabled tests for example), without consequences (checking the IBM JVM only) or already broken (still checking "Sun" instead of "Oracle", such as apache-directory-server). It still has the potential to break applications outside of the set of packages we ship in Buster, but considering the insane amount of breaking changes between OpenJDK 8 and OpenJDK 11 that's really a minor detail, and developers are certainly ready to cope with that. Emmanuel Bourg
Processed: Re: Bug#928185: unblock: openjdk-11/11.0.3+7-4
Processing control commands: > tag -1 - moreinfo Bug #928185 [release.debian.org] unblock: openjdk-11/11.0.3+7-4 Removed tag(s) moreinfo. -- 928185: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928185 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Control: tag -1 - moreinfo On 02.05.19 10:30, Julien Cristau wrote: > Control: tag -1 moreinfo > > Hi Matthias, > > On Mon, Apr 29, 2019 at 06:12:36PM +0200, Matthias Klose wrote: >> Package: release.debian.org >> Severity: normal >> User: release.debian@packages.debian.org >> Usertags: unblock >> >> Please unblock openjdk-11/11.0.3+7-4. That's the quarterly security update >> and >> should be released with buster. No more updates planned until the next >> security >> update in July. > > From what I understand bug#926009 is a regression in that version. > There's no explanation that I can see for that change, no associated > bug, and it doesn't look appropriate. Please revert it. No. With the change of ownership of the upstream jdk11-updates project, you see that the patches applied to the Oracle builds and to the OpenJDK builds differ, and the OpenJDK maintainers need to track issues based on tags in the issue tracker and backport these changes themself. The LibreOffice packages are fixed, the gradle tests are not used. Other vendors also ship OpenJDK with other vendor settings. This is a minor change, and we had far more disruptive updates in OpenJDK 11 itself like many late changes for documentation building. I will continue to update the packages to the next security release which is expected in July. If that's too late for the release, these will most likely be handled by the security team. Matthias
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Control: tags 928185 - wontfix Control: tags 928185 moreinfo Control: tags 926009 wontfix Hi doko, I assume you wanted to tag the openjdk-11 bug as wontfix, not the unblock bug, changed that above. On Thu, 2 May 2019 13:59:46 +0200 Matthias Klose wrote: > Control: tags -1 - moreinfo > Control: tags -1 + wontfix [...] > On 02.05.19 10:30, Julien Cristau wrote: > > From what I understand bug#926009 is a regression in that version. > > There's no explanation that I can see for that change, no associated > > bug, and it doesn't look appropriate. Please revert it. > > No. The issue is in the LibreOffice package, which already has this fixed in > testing. The openjdk package also has an appropriate Breaks. We are aware that LO is fixed for this change. What we are still missing is the rationale for why this is needed. We fear that this may break more things than LO, especially things outside of Debian control. Please help us understand why you think this is important and why you don't want to revert it. Paul signature.asc Description: OpenPGP digital signature
Processed: Re: Bug#928185: unblock: openjdk-11/11.0.3+7-4
Processing control commands: > tags 928185 - wontfix Bug #928185 [release.debian.org] unblock: openjdk-11/11.0.3+7-4 Removed tag(s) wontfix. > tags 928185 moreinfo Bug #928185 [release.debian.org] unblock: openjdk-11/11.0.3+7-4 Added tag(s) moreinfo. > tags 926009 wontfix Bug #926009 [src:openjdk-11] java.vendor change breaks applications checking java.vendor (like LibreOffice) Added tag(s) wontfix. -- 926009: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926009 928185: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928185 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#928185: unblock: openjdk-11/11.0.3+7-4
Processing control commands: > tags 928185 - wontfix Bug #928185 [release.debian.org] unblock: openjdk-11/11.0.3+7-4 Ignoring request to alter tags of bug #928185 to the same tags previously set > tags 928185 moreinfo Bug #928185 [release.debian.org] unblock: openjdk-11/11.0.3+7-4 Ignoring request to alter tags of bug #928185 to the same tags previously set > tags 926009 wontfix Bug #926009 [src:openjdk-11] java.vendor change breaks applications checking java.vendor (like LibreOffice) Ignoring request to alter tags of bug #926009 to the same tags previously set -- 926009: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926009 928185: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928185 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Hi, On Thu, May 02, 2019 at 01:59:46PM +0200, Matthias Klose wrote: > > From what I understand bug#926009 is a regression in that version. > > There's no explanation that I can see for that change, no associated ^ > > bug, and it doesn't look appropriate. Please revert it. > > No. The issue is in the LibreOffice package, which already has this fixed in > testing. The openjdk package also has an appropriate Breaks. https://codesearch.debian.net/search?q=java.vendor.*Oracle Not only LO. (And there's many more but checking for "gcj" or "IBM", which do not matter in this case, though) And you forget eventual third-party stuff. And as Julien says: there's no explanation on why this change is needed after all. Regards, Rene >
Processed: Re: Bug#928185: unblock: openjdk-11/11.0.3+7-4
Processing control commands: > tags -1 - moreinfo Bug #928185 [release.debian.org] unblock: openjdk-11/11.0.3+7-4 Removed tag(s) moreinfo. > tags -1 + wontfix Bug #928185 [release.debian.org] unblock: openjdk-11/11.0.3+7-4 Added tag(s) wontfix. -- 928185: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928185 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Control: tags -1 - moreinfo Control: tags -1 + wontfix On 02.05.19 10:30, Julien Cristau wrote: > Control: tag -1 moreinfo > > Hi Matthias, > > On Mon, Apr 29, 2019 at 06:12:36PM +0200, Matthias Klose wrote: >> Package: release.debian.org >> Severity: normal >> User: release.debian@packages.debian.org >> Usertags: unblock >> >> Please unblock openjdk-11/11.0.3+7-4. That's the quarterly security update >> and >> should be released with buster. No more updates planned until the next >> security >> update in July. > > From what I understand bug#926009 is a regression in that version. > There's no explanation that I can see for that change, no associated > bug, and it doesn't look appropriate. Please revert it. No. The issue is in the LibreOffice package, which already has this fixed in testing. The openjdk package also has an appropriate Breaks.
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Control: tag -1 moreinfo Hi Matthias, On Mon, Apr 29, 2019 at 06:12:36PM +0200, Matthias Klose wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock openjdk-11/11.0.3+7-4. That's the quarterly security update and > should be released with buster. No more updates planned until the next > security > update in July. >From what I understand bug#926009 is a regression in that version. There's no explanation that I can see for that change, no associated bug, and it doesn't look appropriate. Please revert it. Thanks, Julien
Processed: Re: Bug#928185: unblock: openjdk-11/11.0.3+7-4
Processing control commands: > tag -1 moreinfo Bug #928185 [release.debian.org] unblock: openjdk-11/11.0.3+7-4 Added tag(s) moreinfo. -- 928185: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928185 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#928185: unblock: openjdk-11/11.0.3+7-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock openjdk-11/11.0.3+7-4. That's the quarterly security update and should be released with buster. No more updates planned until the next security update in July.