[External] : Re: JEP draft: Prepare to Restrict The Use of JNI

[Andrew Dinn]

On 29/08/2023 18:24, Peter Tribble wrote:
> And that's what I see as the problem here. There are no possible actions
> that will improve the ecosystem or the software. There is no better path
> that developers/users get guided towards. The only possible course of
> action is to --enable-native-access and carry on.
Actually, no. The other possible course of action is not to use the 
application. You actually said the same in the paragraph preceding the 
one I quoted.

That *is* a real choice. Users who are especially conscious of, say, 
security concerns, or data integrity concerns, might very well regards 
the need to pass --enable-native-access as a red flag and not run any 
such application.

The same story applies here as with applications that require, say, 
dynamic agent loading. Users of the Byteman BMUnit package are generally 
happy to enable agent hoisting in a system test environment and 
willingly pass the relevant command line option to enable it. Many of 
them carry that same blithe unconcern through to a deployed application 
runtime and profit from attaching the Byteman agent when their 
application manifests failures or other unexpected behaviour. However, 
quite rightly, the deployer of the application has the ability to 
guarantee that such an option is not available at deployment time.

regards,


Andrew Dinn
-----------
Red Hat Distinguished Engineer
Red Hat UK Ltd
Registered in England and Wales under Company Registration No. 03798903
Directors: Michael Cunningham, Michael ("Mike") O'Neill