Java 7 for Mac OSX
Phil Race
philip.race at oracle.com
Wed Feb 22 09:54:43 PST 2012
On 2/21/2012 4:24 PM, Richard Bair wrote:
>
> For app deploy, security is a non issue, because a desktop app has no security manager and therefore can do anything the system allows, and cannot do anything the system forbids. So for app deploy it is a red herring.
True as far as it goes for pure client/desktop apps here where that
security is a non-concern
means more that since the end-user already trusted the app to install
and be granted
privileges akin to native code, so that upgrading to fix security bugs
in the JRE against
untrusted code is pointless.
But "server" apps which respond to untrusted requests are more like web
deployed apps.
If they bundle a JRE then you need to update the whole bundle as new
more secure
JREs become available, so that unscrupulous people can't compromise your
server.
I also want to make it clear that whilst increasing security and
maintaining compatibility
are sometimes conflicting goals, that the Java SE org. has for many
years made
compatibility a key theme. We do not just pay lip service to
compatibility. We work
very hard at it. Yes, we may break apps, intentionally or
unintentionally, but its not
for the want of trying. I think overall we've become good at it, and its
really important
to customers. They do test when we ship a new release, and then they
complain
loudly and/or often if we broke something. And if we can fix that, we will.
Enterprise customers expect this. They'll go somewhere else if we aren't
serious about it.
I think you are more likely to have an app behave differently on a new
platform/version
than you are purely due to a patch upgrade in the JRE on the same
platform/version.
-phil.
More information about the macosx-port-dev
mailing list