Will we need to use the --enable-native-access option to enable JNI in the future?
Brian Goetz
brian.goetz at oracle.com
Mon Sep 20 14:39:45 UTC 2021
> Overall, the arguments in this email are a mixture of:
>
> * since JNI is unsafe anyway, what's the point of restricting Panama
> * restricting Panama will hinder adoption in some way
Developers frequently make these arguments with the mistaken assumption
they are arguing *against* the restrictions. But these arguments could
be equally well applied to "so let's lock down JNI as soon as
possible!" And if it is in fact either-or (which it isn't, as Maurizio
points out), we have to ask ourselves which approach gets us to a better
place in the long run. And that is clearly "lock down unsafe native
code so that the application assembler has to consent".
Now, it isn't either-or, which is what makes the current path the
pragmatic choice -- make Panama safe from day 1, and follow up with
making JNI safer later.
More information about the panama-dev
mailing list