[removed the Python 2 bits]

On 11/17/20 11:08 PM, Moritz Muehlenhoff wrote:
> Package: debian-security-support
> Severity: normal
> X-Debbugs-Cc: d...@debian.org, t...@security.debian.org
> openjdk-15 will be included, but not covered by support
> (as it's only needed to bootstrap openjdk-16 and eventually
> openjdk-17, the next LTS release of Java).
>
> How about the following for "security-support-limited"?
>
> --------------------
> openjdk-15 Only included for bootstrapping later OpenJDK
> releases
> --------------------
>
> One important thing: This only applies to Bullseye and
> security-support-limited is currently independent of releases, so this
> needs to be fixed or alternatively we need to stop rebuilding the current
> unstable package for older releases and instead branch off per distro.

As background: OpenJDK 12 can only be built with 11, 13 with 12, 14 with 13,
15 with 14, 16 with 15. Only having 11 in bullseye would make backports more
"interesting".

For OpenJDK there are two other possibilities, which would require approval
by release managers / stable release managers.

 - openjdk-16 will be released in April 2021, which is expected before the
   bullseye release. Shipping openjdk-16 instead of openjdk-15 would have
   the advantage that you are able to build openjdk-17 directly, without
   having to build openjdk-17 (LTS). This would require a feature freeze
   exception for bullseye.

 - package a snapshot of openjdk-17 (in April/May 2021), and only ship
   openjdk-17 in bullseye. In that case, update to the final openjdk-17
   release in Oct 2021 as a stable release update, or as a security update.
   This would require a feature freeze exception for bullseye. After the
   bullseye release, it would require an approval of the stable release
   managers, or approval by the security team as a security update.

I'm not saying that this package should see constant security support, but
it is likely that openjdk-17 sees extended support upstream.

Matthias