Code review request, 7127524 P11TlsPrfGenerator has anonymous inner class with serialVersionUID
Stuart Marks
stuart.marks at oracle.com
Mon Aug 5 20:29:01 UTC 2013

On 8/5/13 9:16 AM, Tom Hawtin wrote:
> On 01/08/2013 06:36, Xuelei Fan wrote:
>> An anonymous class cannot make any guarantees about serialization
>> compatibility since it has a compiler-generated, implementation-specific
>> name that may vary uncontrollably. It is nonsensical for an anonymous
>> class to define a serialVersionUID.
>
> Although it can't give guarantees about serialisation, that doesn't mean that
> it doesn't. We probably don't want to upset anything relying upon it. Having
> said that, in this case it doesn't seem to be reasonably accessible. Shame
> there isn't a good way of marking a class non-serialisable.

The history of this bug is that the only reason that the serialVersionUID was
added in the first place was to get rid of a javac serialization "lint"
warning. I think javac is overzealous in issuing a warning in cases such as
this, and I've filed a bug on this. [1]

Good point about there not being a good way to make a class non-serializable.

s'marks

[1] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7152104