/srv/irclogs.ubuntu.com/2023/11/15/#ubuntu-security.txt

JanCand also the test URLs00:05
JanCI suppose it protects against accidental edits/overwrites...00:06
mdeslauryeah00:06
JanCbut makes no sense to run those tests when certs are external00:06
mdeslaurand if they are expired perhaps, though that should be handled in a better way00:07
JanCthe URL tests would fail when they expire without being replaced indeed00:07
mdeslaurlooks like debian/ubuntu packaging just deletes the upstream cacerts file and symlinks the path to the system one, so there's nothing in openjdk itself to configure it to use the system ca certs00:10
mdeslaurwhich is why nothing disables the tests00:10
JanCan upstream knob to disable everything related to the CAs collection would be nice, I guess00:13
tewardmdeslaur: it SOUNDS like the test there is doing a test of "What we expect to be present on system" vs. "What is present on system" based on the SRU details00:42
tewardjust sayin00:42
tewardit makes sense for *upstream*'s tests to do this, but not necessarily on a distro build (in which case patch the packaging to not run that test)00:42
=== chris14_ is now known as chris14
mdeslaurteward: exactly12:24
tewardthen i'll make a followup comment based on this discussion16:01
tewardthanks for the rubberducking session :)16:02
tsimonq2Oh, hi. Seems I forgot to re-join this channel after my IRC client disconnected.18:13
tsimonq2sarnold: So... about that Vim update... :D18:13
tewardmdeslaur: and everyone else, apologies for using y'all as a temporary rubber-ducking session there on jtreg, but it was important enough to bounce off of y'all for any concerns :p18:19

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!