It's not too late for access control
Paul Benedict
pbenedict at apache.org
Wed Jul 13 22:33:31 UTC 2016
If I may opine on this matter -- and do so respectfully toward all parties
mentioned -- aside from Tim Ellison responding first, every other message
is between David and Mark. The discussion thread is a really good read and
a strong point/counterpoint match. However, there are 9 people on the
Expert Group [1]. What do the other 6 experts think? Being an observer, I
can see nothing but public discussion, and so all appearances on this list
tell me the item was left unresolved. I have no idea where the EG actually
stands as a whole on David's suggestion. I remember reading these exchanges
live, and curiously wondering why there are no additional agreements or
disagreements? My best theory then and now is this: Thanksgiving and
Christmas happened. It appears the holidays interrupted. Just my 2 cents.
[1] http://openjdk.java.net/projects/jigsaw/spec/
Cheers,
Paul
On Wed, Jul 13, 2016 at 4:38 PM, David M. Lloyd <david.lloyd at redhat.com>
wrote:
> On 07/13/2016 04:17 PM, mark.reinhold at oracle.com wrote:
>
>> 2016/7/11 7:21:46 -0700, david.lloyd at redhat.com:
>>
>>> ...
>>>
>>> I propose, once again, that rather than changing the meaning of "public"
>>> to something unintuitive (and indeed counter to the definition of the
>>> actual word), we instead allow the selective extension of
>>> package-private. ...
>>>
>>
>> FYI, to jigsaw-dev readers: This approach was discussed on the JPMS EG
>> list late last year. Here are links to the relevant messages:
>>
>>
>> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-November/000194.html
>>
>> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000215.html
>>
>> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000219.html
>>
>> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000222.html
>>
>> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000223.html
>>
>> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000227.html
>>
>> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000228.html
>>
>
> Also note that the discussion tapered off inconclusively before really
> discussing the possibility of selectively opening the package-private level
> to friends. The above links are mostly about the idea of changing
> package-private to mean module-private, which was dismissed as problematic.
>
> Using the selective extension of package-private does not suffer from the
> fatal security problems caused by simple recompilation from -target 8 to
> -target 9. The status quo is maintained in this case; users would have to
> opt in to extending access, just as Jigsaw requires users to opt in to make
> public classes available right now.
>
> --
> - DML
>
More information about the jigsaw-dev
mailing list