Code review request, 7127524 P11TlsPrfGenerator has anonymous inner class with serialVersionUID

Tom Hawtin tom.hawtin at oracle.com
Mon Aug 5 16:16:47 UTC 2013


On 01/08/2013 06:36, Xuelei Fan wrote:
> An anonymous class cannot make any guarantees about serialization
> compatibility since has a compiler-generated, implementation-specific
> name that may vary uncontrollably. It is nonsensical for an anonymous
> class to define a serialVersionUID.

Although it can't give guarantees about serialisation, that doesn't mean 
that it doesn't. We probably don't want to upset anything relying upon 
it. Having said that, in this case it doesn't seem to be reasonably 
accessible. Shame there isn't a good way of marking a class 
non-serialisable.

Tom




More information about the security-dev mailing list