It's not too late for access control
David M. Lloyd
david.lloyd at redhat.com
Wed Jul 13 21:38:53 UTC 2016
On 07/13/2016 04:17 PM, mark.reinhold at oracle.com wrote:
> 2016/7/11 7:21:46 -0700, david.lloyd at redhat.com:
>> ...
>>
>> I propose, once again, that rather than changing the meaning of "public"
>> to something unintuitive (and indeed counter to the definition of the
>> actual word), we instead allow the selective extension of
>> package-private. ...
>
> FYI, to jigsaw-dev readers: This approach was discussed on the JPMS EG
> list late last year. Here are links to the relevant messages:
>
> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-November/000194.html
> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000215.html
> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000219.html
> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000222.html
> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000223.html
> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000227.html
> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000228.html

Also note that the discussion tapered off inconclusively before really
discussing the possibility of selectively opening the package-private
level to friends. The above links are mostly about the idea of changing
package-private to mean module-private, which was dismissed as problematic.

Using the selective extension of package-private does not suffer from
the fatal security problems caused by simple recompilation from -target
8 to -target 9. The status quo is maintained in this case; users would
have to opt in to extending access, just as Jigsaw requires users to opt
in to make public classes available right now.

--
- DML