Bug 1340845 - Java/OpenJDK enforces the system-wide crypto policy
Summary: Java/OpenJDK enforces the system-wide crypto policy
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Changes Tracking
Version: 26
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Nikos Mavrogiannopoulos
QA Contact:
URL:
Whiteboard: ChangeAcceptedF26, SelfContainedChange
Depends On: 1249083
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-05-30 12:05 UTC by Jan Kurik
Modified: 2017-07-25 17:04 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-07-25 17:04:39 UTC
Type: ---

Attachments (Terms of Use)

Description Jan Kurik 2016-05-30 12:05:01 UTC 
This is a tracking bug for Change: Java/OpenJDK enforces the system-wide crypto policy
For more details, see: https://fedoraproject.org//wiki/Changes/JavaCryptoPolicies

As it is now, the System-wide crypto policy in F24 is only enforced by the OpenSSL and GnuTLS TLS libraries. To harmonize crypto across all applications in Fedora, including the Java ones, OpenJDK is enhanced to respect the settings of the system-wide crypto policy as well.
Comment 1 Jan Kurik 2016-07-26 04:50:35 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 25 development cycle.
Changing version to '25'.
Comment 2 Jan Kurik 2016-07-26 05:22:36 UTC 
On 2016-July-26, we have reached Fedora 25 Change Checkpoint: Completion deadline (testable).

At this point, all accepted changes should be substantially complete, and testable. Additionally, if a change is to be enabled by default, it must be enabled at Change Completion deadline as well.

Change tracking bug should be set to the MODIFIED state to indicate it achieved completeness.

Incomplete and non testable Changes will be reported to FESCo on 2016-July-29 meeting.
Comment 3 Nikos Mavrogiannopoulos 2016-07-26 08:16:25 UTC 
Hi Andrew, is that already complete in F25? The policy is already modified to generate /etc/crypto-policies/back-ends/java.config
Comment 4 Andrew John Hughes 2016-07-26 13:52:30 UTC 
No, not yet :-(

My time these last few months has been taken up by RHEL 7.3 and the security updates to OpenJDK.
Comment 5 Jan Kurik 2016-08-01 20:25:34 UTC 
Based on the FESCo decision deferring this Change to F26: https://fedorahosted.org/fesco/ticket/1606#comment:3
Comment 6 Fedora End Of Life 2017-02-28 09:58:41 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle.
Changing version to '26'.
Comment 7 Jan Kurik 2017-02-28 10:08:26 UTC 
On 2017-Feb-28, we have reached the Fedora 26 Change Checkpoint: Completion deadline (testable).

At this point, all accepted changes should be substantially complete, and testable. Additionally, if a change is to be enabled by default, it must be enabled at Change Completion deadline as well.

Change tracking bug should be set to the MODIFIED state to indicate it achieved completeness.

Incomplete and non testable Changes will be reported to FESCo for 2017-Mar-03 meeting.
Comment 8 Jan Kurik 2017-05-17 09:13:20 UTC 
On 2017-May-16 we reached the "Change Checkpoint: 100% Code Complete Deadline" milestone for Fedora 26 release. At this point all the Changes not at least in "ON_QA" state should be brought to FESCo for review. Please update the state of this bug to "ON_QA" if it is already 100% completed. Please let me know in case you have any trouble with the implementation and the Change needs any help or review.

Thanks, Jan
Comment 9 Jan Kurik 2017-05-19 08:13:23 UTC 
This Change is going to be reviewed on a FESCo meeting: https://pagure.io/fesco/issue/1710
Comment 10 Nikos Mavrogiannopoulos 2017-05-23 13:58:24 UTC 
Sorry I lost the emails. The change is already completed and included in Fedora 26.
Note You need to log in before you can comment on or make changes to this bug.