On Tue, 22 Aug 2023 13:35:18 GMT, Volker Simonis <simo...@openjdk.org> wrote:
> In principle I very much prefer locking down dependency versions to keep the > build as reliable as possible. Unfortunately, as we have experienced so far, > this isn't possible with GHA because the exact package versions aren't kept > available for very long. I suppose it would be possible with very diligent > watching for new versions and manually testing and updating before the old > version disappears, but that doesn't seem feasible in practice. On the other > hand, I don't think we have actually seen any problems when bumping the > versions so far, so I'm now inclined to agree with this change. Thanks Erik. For the record, I would prefer the build environment was as stable as possible as well. I just don't think the current setup is actually achieving that, because we don't have control of these packages. As I mentioned in the PR description, if we really want that to work, we likely need to build our own compiler - or maybe even a full devkit - and provide it to the build as we do with the JDK. My experience of working with these shifting build environments in Fedora & RHEL over the years is that versions within the same major version tend to be stable, and we've experienced all kinds of weird & wonderful breakage when Fedora brings in some new major version of GCC. I believe this is why Ubuntu has the versioned GCC packages like `gcc-10` and I can't recall a GCC issue on RHEL, despite the GCC team providing updated builds of the same major version. If one was to occur, then it would seem preferable to catch it early in GHA and such a failure would be useful to us. I don't think the current missing package failures we're seeing are useful and they are a particular pain in the update releases where - for good reason - it takes more work to get a change in and there is less visibility. ------------- PR Comment: https://git.openjdk.org/jdk/pull/15374#issuecomment-1688619129
