<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
I don't see how the pending Marlin review is related to anything we
might do in the future regarding the security manager. In JavaFX 17
we already added @SuppressWarnings annotations everywhere they were
needed using the bug ID referenced below (JDK-8264139).<br>
<br>
Since the security manager is still supported in JDK 17 (and in JDK
19, for that matter), we still need to be able to run with the
security manager enabled. So there is nothing related to the SM to
fix, at least not for JavaFX 20.<br>
<br>
The question that I think Nir is asking is: what do we do in the
future given that the security manager is deprecated for removal,
and will at some point go away. That's a good question. It's not one
that needs to be answered immediately, but we should start to
discuss it soon. It's almost certain that the JDK will provide one
more step between where we are now (SM is deprecated, but still
functional) and complete removal (at which time we would not even be
able to run on that JDK without changes), that step being degraded
functionality where the APIs are still there, but they do nothing.
That would allow an application or library like JavaFX to continue
running on newer JDKs without a SM and still run on older JDKs that
support it, albeit in a deprecated fashion. That gives us a little
more time to figure this out and plan for a transition.<br>
<br>
The next time we bump the minimum JDK is probably the latest point
at which we should remove SM support from JavaFX, but we may very
well want to do it sooner. For example, I could easily imagine
JavaFX 22 being be a good point at which to remove SM support from
JavaFX, even though we are unlikely to bump the minimum JDK for
JavaFX 22.<br>
<br>
Part of the discussion will be: what, if anything, do we need in the
way of a replacement for what the SM does?<br>
<br>
-- Kevin<br>
<br>
<br>
<div class="moz-cite-prefix">On 7/30/2022 12:09 AM, Laurent Bourgès
wrote:<br>
</div>
<blockquote type="cite" cite="mid:CAKjRUT7TOO1B=U3PwXm5ntxnaL4tEqxy+=-0ZEgBau4Mm17dfQ@mail.gmail.com">
<div dir="auto">Hi,
<div dir="auto"><br>
</div>
<div dir="auto">I will fix the MarlinFX code myself, as I am
proposing an openjfx patch, that has already @SuppressWarning
lines from jdk17.</div>
<div dir="auto">See <a href="https://github.com/openjdk/jfx/pull/674" moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/openjdk/jfx/pull/674</a></div>
<div dir="auto"><br>
</div>
<div dir="auto">Kevin will review it soon, so I propose you to
ignore changes on your side to avoid conflicts in
modules/javafx.graphics/src/main/java/com/sun/marlin/**</div>
<div dir="auto"><br>
</div>
<div dir="auto">Thanks,</div>
<div dir="auto">Laurent</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Le sam. 30 juil. 2022, 08:18,
Nir Lisker <<a href="mailto:nlisker@gmail.com" moz-do-not-send="true" class="moz-txt-link-freetext">nlisker@gmail.com</a>>
a écrit :<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Now that we are using JDK 17, the
SecurityManager is deprecated for removal. JDK-8264139 [1]
already suppressed the warnings, but we should probably
start looking at replacements as there are ~200 affected
files. What is the plan going forward?
<div><br>
</div>
<div>[1] <a href="https://bugs.openjdk.org/browse/JDK-8264139" target="_blank" rel="noreferrer" moz-do-not-send="true" class="moz-txt-link-freetext">https://bugs.openjdk.org/browse/JDK-8264139</a><br>
</div>
</div>
</blockquote>
</div>
</blockquote>
<br>
</body>
</html>