On Wed, 26 Mar 2025 08:53:21 GMT, Alan Bateman <al...@openjdk.org> wrote:
> > @AlanBateman Would we need a CSR for this? This isn't any option that shows
> > up anywhere user-visible, so I'm thinking not. Please let me know. Thanks!
>
> There isn't any change to a supported interface so probably not.
Thanks.
> That said, I don't think we should integrate this change without further
> discussion and enumeration of the issues.
Sure.
> In the case of cacerts (mentioned in the JBS issue) then this requires more
> information to understand if it's "use system" or something is updating the
> cacerts in the JDK run-time image. I think TZ updates should be looked at too
The cacerts issue mentioned in the JBS issue relates to an RPM installation of
the JDK where the cacerts file is a symlink to the distro provided one. So I
think that's "use system" issue.
TZ updates would potentially break this too. If an external tool updates
`tzdb.dat` then the hash sum computed at JDK build-time will no longer match. I
believe this could also be solved with a sha-override (e.g. by coming from a
file `@${java.home}/sha-override.txt`) which would get the update along with
`tzdb.dat`.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/24190#issuecomment-2753812607
