This seems should be pushed into jdk.jdk directly as it’s not a vulnerability issue. There is no doubt now this should be pushed directly as it’s already released.
Because it was not pushed into jdk-cpu before(which IMHO is correct), naturally it won’t be in jdk.jdk without an explicit push. Cheers, Henry > On Apr 29, 2019, at 7:34 AM, Sean Mullan <sean.mul...@oracle.com> wrote: > > On 4/27/19 2:10 AM, Langer, Christoph wrote: >>> On 4/26/19 6:04 PM, Langer, Christoph wrote: >>>> Hi, >>>> >>>> In JBS I can find the bug JDK-8216577: Add GlobalSign's R6 Root >>>> certificate [0]. >>>> >>>> This change has gone into 12.0.1 and also 12.0.2 but it's not part of >>>> JDK13 (jdk/jdk) and also not of JDK11 (e.g. 11.0.3-oracle, >>>> 11.0.4-oracle). Could you please shed some light into this unusual >>>> proceeding? Usually such changes would happen in jdk/jdk first, and then >>>> be backported, I guess. >>>> >>>> Is there any reason why the certificate was only added to the jdk12 >>>> updates train? >>> It should be in 11.0.3-oracle. The backport issue is Confidential so >>> maybe that is why you thought it wasn't. >> Yep, that explains it. Any particular reason that the 11.0.3-oracle backport >> is confidential? Could you make it public? Just asking... > > Fixed. > >>> JDK 13 seems like an oversight. Rajan, any idea what happened? Can you >>> push this to JDK 13? >> Thanks in advance. Looking forward to see this in JDK 13. > > Sure, still looking into this. > > --Sean >
