Minor thoughts (Re: [External] : Re: JEP draft: Prepare to Restrict The Use of JNI
Alan Snyder
javalists at cbfiddle.com
Fri Sep 1 15:15:28 UTC 2023
> On Sep 1, 2023, at 7:32 AM, Dan Heidinga <heidinga at redhat.com> wrote:
>
> First, thanks Ron for the detailed write up on this - it certainly helps to clarify the context of the change.
>
> On Fri, Sep 1, 2023 at 9:24 AM Alan Snyder <javalists at cbfiddle.com <mailto:javalists at cbfiddle.com>> wrote:
>>
>>> On Sep 1, 2023, at 5:08 AM, Ron Pressler <ron.pressler at oracle.com <mailto:ron.pressler at oracle.com>> wrote:
>>>
>>> In other words, it’s extremely hard for the author to know whether their application is carrying knives or not, and if so where to look if its handling them safely.
>>
>> Indeed. How does the flag solve this problem?
>
> The flag is the user saying "I'm OK if my application carries knives" and many users of many applications will be just fine with saying that. Those who aren't ok are the same users who have historically opted into using the SecurityManager to restrict access to linking dynamic libraries. The change here is to make the integrity of the platform the default and the opt-out explicit. It's a pain now but part of a path to a better place for the ecosystem.
>
> --Dan
I don’t think that answers my question.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/jdk-dev/attachments/20230901/2d0e10b3/attachment-0001.htm>
More information about the jdk-dev
mailing list