[External] : Re: JEP draft: Prepare to Restrict The Use of JNI

Glavo zjx001202 at gmail.com
Tue Aug 29 21:59:13 UTC 2023 

>
> The whole point of this JEP is to give the choice of enabling JNI to the
> user. If a library developer can enable JNI by saying `requires native;`
> in a module, then the choice isn't given to the user.


Let the user make a choice? What do you let them choose? They can't choose
to be safe or not.
If they choose not to --enable-native-access for some modules, the app will
often break in unknown places.
Therefore, they can only choose to use it or not.

The main module is not the user. The user is the person who develops,
> maintains, or otherwise "owns" the application. The main module is part
> of the application. The point of the JEP is to let the user, outside the
> application, acknowledge the risk arising from use of JNI inside the
> application (whether in the main module or six levels down).
>

I realize that your definition of "end user" is even crazier than I
originally thought.

If the "user" you're talking about isn't even a developer, then what you're
saying doesn't make sense.
The way users avoid risks is containers and virtual machines. Java programs
without --enable-native-access are just as dangerous for them.

Glavo


On Wed, Aug 30, 2023 at 12:33 AM Alex Buckley <alex.buckley at oracle.com>
wrote:

> On 8/29/2023 9:29 AM, Attila Kelemen wrote:
> >
> >     The whole point of this JEP is to give the choice of enabling JNI to
> >     the
> >     user. If a library developer can enable JNI by saying `requires
> >     native;`
> >     in a module, then the choice isn't given to the user.
> >
> >
> > It is not about the library developer enabling JNI to the user (though I
> > do remember that somebody mentioned that possibility as well). Glavo,
> > and many others (including me) want the *main* module to be able to
> > declare it, and the main module is the user.
>
> The main module is not the user. The user is the person who develops,
> maintains, or otherwise "owns" the application. The main module is part
> of the application. The point of the JEP is to let the user, outside the
> application, acknowledge the risk arising from use of JNI inside the
> application (whether in the main module or six levels down).
>
> Alex
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/jdk-dev/attachments/20230830/8855d4bc/attachment.htm>

More information about the jdk-dev mailing list