> -----Original Message----- > From: Sean Mullan <sean.mul...@oracle.com> > Sent: Samstag, 27. April 2019 00:54 > To: Langer, Christoph <christoph.lan...@sap.com>; security- > d...@openjdk.java.net; Rajan Halade <rajan.hal...@oracle.com> > Subject: Re: Regarding JDK-8216577: Add GlobalSign's R6 Root certificate > > On 4/26/19 6:04 PM, Langer, Christoph wrote: > > Hi, > > > > In JBS I can find the bug JDK-8216577: Add GlobalSign's R6 Root > > certificate [0]. > > > > This change has gone into 12.0.1 and also 12.0.2 but it's not part of > > JDK13 (jdk/jdk) and also not of JDK11 (e.g. 11.0.3-oracle, > > 11.0.4-oracle). Could you please shed some light into this unusual > > proceeding? Usually such changes would happen in jdk/jdk first, and then > > be backported, I guess. > > > > Is there any reason why the certificate was only added to the jdk12 > > updates train? > > It should be in 11.0.3-oracle. The backport issue is Confidential so > maybe that is why you thought it wasn't.
Yep, that explains it. Any particular reason that the 11.0.3-oracle backport is confidential? Could you make it public? Just asking... > JDK 13 seems like an oversight. Rajan, any idea what happened? Can you > push this to JDK 13? Thanks in advance. Looking forward to see this in JDK 13. > > Will the certificate be brought to the other update > > versions later on? > > Which other updates? Ok, yes, that's all the Oracle updates. I'll bring the change to OpenJDK 11 updates then. Thanks Christoph
