On Thu, 16 Apr 2026 15:52:28 GMT, Alan Bateman <[email protected]> wrote:
>> Just to be clear, I'm not not suggesting changing the keytool -cacerts >> option, my comment was about the keytool man page. I initially thought the >> man page referenced lib/security/cacerts but reading it again, it's the >> security properties file. We may have forgotten to change the file paths to >> conf/security. > > Just to conclude on this. I think the --cacerts option and have it take a > list of aliases is fine. > > For the wording then it might be a bit clearer to say "with only the > certificates ..." rather than putting "only" at the end. > > Part of also thinks that "<alias> is the name of an alias in the cacerts > keystore" should say the cacerts keystore in the java.base module (as this is > where jlink gets the certificates). > > Summary - useful feature when creating a run-time image for a specific > application or usage. > For the wording then it might be a bit clearer to say "with only the > certificates ..." rather than putting "only" at the end. > > Part of also thinks that " is the name of an alias in the cacerts keystore" > should say the cacerts keystore in the java.base module (as this is where > jlink gets the certificates). Fixed in https://github.com/openjdk/jdk/pull/29700/changes/b09c9f25bcabd385d58770be9e5b739850ab73a9 ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/29700#discussion_r3096814298
