Minor thoughts (Re: [External] : Re: JEP draft: Prepare to Restrict The Use of JNI

[Dan Heidinga]

First, thanks Ron for the detailed write up on this - it certainly helps to
clarify the context of the change.

On Fri, Sep 1, 2023 at 9:24 AM Alan Snyder <javalists at cbfiddle.com> wrote:

>
> On Sep 1, 2023, at 5:08 AM, Ron Pressler <ron.pressler at oracle.com> wrote:
>
> In other words, it’s extremely hard for the author to know whether their
> application is carrying knives or not, and if so where to look if its
> handling them safely.
>
>
> Indeed. How does the flag solve this problem?
>

 The flag is the user saying "I'm OK if my application carries knives" and
many users of many applications will be just fine with saying that.  Those
who aren't ok are the same users who have historically opted into using the
SecurityManager to restrict access to linking dynamic libraries.  The
change here is to make the integrity of the platform the default and the
opt-out explicit.  It's a pain now but part of a path to a better place for
the ecosystem.

--Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/jdk-dev/attachments/20230901/452034be/attachment.htm>