Proposal: Allow illegal reflective access by default in JDK 9

Mario Torre neugens.limasoftware at
Thu May 18 16:32:39 UTC 2017

2017-05-18 18:08 GMT+02:00 Uwe Schindler <uschindler at>:
> Hi Mark,
> To me this proposal is a Desaster. I'd not do this. Buggy software may use the big kill switch.
> Sorry Red Hat guys: that's what you triggered with your "no". Bravo! I am impressed!
> Sorry Gradle, the worst design in software about environment variables made the whole world again as unsafe as before. We will again see ongoing security updates in Java just fix fix holes that are opened by default. When I have read the mails yesterday, I thought: do you really want to build your software with such a broken tool and it's ecosystem? Can you not just tell the plug-in authors to fix their shit and fix your API to work correct?
> Amazon S3 software dilettantes: Fix your EC2 security software to not undermine the Java security system! I can bring many more: Don't do that in security relevant tools or build systems many people rely on!
> Today is the worst day in Java history.

Hello Uwe,

I appreciate your enthusiasm, but please let's try to keep this
discussion focused.


pgp key: PGP Key ID: 80F240CF
Fingerprint: BA39 9666 94EC 8B73 27FA  FC7C 4086 63E3 80F2 40CF

Java Champion - Blog: - Twitter: @neugens
Proud GNU Classpath developer:

Please, support open standards:

More information about the jigsaw-dev mailing list