Code review request, 7127524 P11TlsPrfGenerator has anonymous inner class with serialVersionUID
Tom Hawtin
tom.hawtin at oracle.com
Mon Aug 5 16:16:47 UTC 2013
On 01/08/2013 06:36, Xuelei Fan wrote:
> An anonymous class cannot make any guarantees about serialization
> compatibility since has a compiler-generated, implementation-specific
> name that may vary uncontrollably. It is nonsensical for an anonymous
> class to define a serialVersionUID.
Although it can't give guarantees about serialisation, that doesn't mean
that it doesn't. We probably don't want to upset anything relying upon
it. Having said that, in this case it doesn't seem to be reasonably
accessible. Shame there isn't a good way of marking a class
non-serialisable.
Tom
More information about the security-dev
mailing list