On Fri, 4 Apr 2025 07:55:20 GMT, Alan Bateman <al...@openjdk.org> wrote:
> > I'm not entirely sure what you are suggesting. Is it keeping a list of > > "upgradeable" files in a properties file. Files listed in that properties > > file aren't checked for hash sums (i.e. even if it's not modified)? That > > is, the explicit opt-in is not needed? Fine by me, but it's a weaker check. > > If we don't need the explicit opt-in, the patch becomes simpler as well. > > Yes, I think keep simple. We always want to allow tzdb.dat be upgraded by the > TZ updater tool. I think treating cacerts the same way is okay. As you note, > it has to be kept up to date too. I was thinking keytool import and wasn't > sure if the Linux distros configure with `-with-cacerts-file` or did > something else. Thanks for the clarification on this point. > > Starting with a simple list of two files won't preclude us from re-visiting > it again in the future. OK. Thanks. I'll update it then. ------------- PR Comment: https://git.openjdk.org/jdk/pull/24388#issuecomment-2777914239
