On 27.05.19 18:23, Gil Tene wrote: >> Did you try to contact Debian folks to give them opportunity to fix those >> security concerns before going public with them? Or did they not react in >> time? > > Multiple times over ~4.5 years, and through multiple channels. The > “we don’t care”, “go away, vendor”, and “java and openjdk do versioning > wrong” reactions are the most common. Many were less polite than that. > The defensive tone of the email you see on this thread is about average. > The denial and deflection attempts you see there are also common.
I can't follow that. There is not a single bug report about that in the Debian tracker. Looking at the Debian Java mailing list, there is not a single posting from your side. And I can't remember that being discussed on the ML either. Also not on the distro-pkg-dev ML. Same thing for the Ubuntu bug tracker. So which channels are you using? > Some people just don’t want help, at least not from some. And that’s fine. I raised questions about the versioning on the jdk ML's multiple times. Most of those were ignored, or saw the versioning as being correct. I brought up the configuration issues at this year OpenJDK committers workshop, but it was voted down because other topics seemed more pressing to discuss. Matthias
