Reading binary data

Samuel Audet samuel.audet at gmail.com
Mon Nov 18 01:26:41 UTC 2019 

No, that's not what I'm saying, "safety" is not "security", although 
there's some overlap. What I am saying is that I'm OK with the way JNI 
has been handling safety, but OpenJDK does not seem happy about it. If 
that's the case, before coming up with a whole new API, and then telling 
us that we can't use it because it's not safe and there's no flag or 
something that we can use to satisfy your concerns, why hasn't that been 
fixed, first? And when is it going to get fixed?

Anyway, you're saying you can't make more information public at this 
point about that, that's too bad. As with anything related to C++, I'm 
simply trying to get as much information as I can. OpenJDK should really 
be more "open"...

Samuel

On 11/16/19 7:18 PM, Brian Goetz wrote:
> The underlying argument you are hinting at here is simply flawed.  Adding functionality has value; improving platform security also has value.  The argument that “it was insecure before and I didn’t die, so improving security here is unacceptable” is misguided.
> 
> I get that improving security here may be inconvenient for some users; security often is.  If what you are saying is “hey, be aware there are consequences for users”, rest assured we are well aware of the trade offs here.
> In any case, I don’t think there’s much more to discuss on this right now; your point is noted.  When there is a concrete proposal there may be more to discuss.
> 
> Sent from my MacBook Wheel
> 
>> On Nov 16, 2019, at 1:19 AM, Samuel Audet<samuel.audet at gmail.com>  wrote:
>>
>> Maurizio,
>>
>> I think providing unrestricted access in some way is pretty fundamental. Could you elaborate on why these mechanisms to "gate" that functionality have not been worked on until now?
>>
>> I mean, we could have been using mechanisms like that since forever. It would be useful in the same way when some random dependency we were not aware of starts using JNI, and crashes. So why hasn't this been done before now? What are the reasons why this has not been a top priority?
>>
>> Samuel

More information about the panama-dev mailing list