On Fri, Dec 1, 2017 at 7:09 PM, Sean Mullan <sean.mul...@oracle.com> wrote: > On 12/1/17 12:22 PM, Alan Bateman wrote: >> >> >> >> On 01/12/2017 17:16, Volker Simonis wrote: >>> >>> Hi Rajan, >>> >>> great to see this finally happen! >>> >>> I have just a quick question related to the tests. As far as I can >>> see, the tests will only succeed if the OpenJDK will be build with the >>> new open sourced, Oracle root certificates. But what if somebody is >>> building the OpenJDK with his own set of root certificates (by using >>> the --with-cacerts-file option)? Do you see any possibility of >>> restricting these tests only to builds which used the original, >>> checked in cacerts file? >> >> If needed, you could add a keyword (@key tag) on these tests, or any tests >> that depend on the OpenJDK cacerts file, so can you control if the tests are >> run or not. > > > Also, the interop tests are not part of any of the 3 tiers, so they won't be > run unless you specifically include the jdk_security_infra group. > > So only the VerifyCACerts test would potentially fail by default (it is part > of tier2). If this becomes a big issue, we can follow-up later and > investigate more with some sort of fix, but I don't think this should hold > up the current fix. >
No, I didn't want to hold up this fix - I'm quite happy to finally see it in the OpenJDK. I just wanted to point out potential issues but I agree that we can handle them later, when they become real. Regards, Volker > Thanks, > Sean >