[20.09] openjdk: 11.0.8 -> 11.0.9 #102831
Conversation
(cherry picked from commit e659537)
|
/marvin opt-in |
|
Hi! I'm an experimental bot. My goal is to guide this PR through its stages, hopefully ending with a merge. You can read up on the usage here. |
|
/status needs_merger I hope I'm doing it all right. Not only with the bot, but with the workflow in general. |
|
Since this is a backport, have you looked at the changelog and made sure that there are no potentially breaking changes? We do not want to disrupt anybody's workflow on a stable system. |
|
@timokau since this is a point release of JDK, I wouldn't expect any breaking changes, only bugfixes and security patches. https://foojay.io/java-11/?quarter=102020&tab=highlights&version=11.0.9 confirms my suspicions - lots of bugfixes, some security patches. |
|
@timokau @kisik21 I guess the only thing which may generate some trouble is: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8233228 At least this popped in one of my projects. |
|
@asbachb citing the issue you linked:
Can we somehow provide documentation for users to do that on their own if they need those curves? |
|
@kisik21 I guess normally you'd adjust |
|
I guess same would apply to #102839 |
|
Then I guess we can merge this one too. Maybe the update disabling less secure curves will make some users migrate to stronger cryptography? 😸 |
That's reasonable, but it can't hurt to double check. openjdk is a very central package, and not all projects assign the same meaning to "point release". Thanks for checking! I think the issue you linked is fine, since its a very minor regression and security-relevant. |
(cherry picked from commit e659537)
Motivation for this change
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)