some config files out of conf directory

Sean Mullan sean.mullan at oracle.com
Fri Aug 4 18:40:58 UTC 2017


On 8/4/17 11:12 AM, Alan Bateman wrote:
> On 04/08/2017 07:59, Jiri Vanek wrote:
>> Hello!
>>
>> I'm packaging openjdk9 for Fedora, and following files:
>>   jdk/lib/security/blacklisted.certs
>>   jdk/lib/security/default.policy
>>
>> Seems to be config files. Still, they are in lib/security, whether all 
>> other config files were (finally! Thank you!) moved to
>>   jdk/conf/
>> and its subdirectories.  Is it intentional? Why so? Are there plans to 
>> change it?
> cc'ing security-dev in case there is more needed on this but in summary, 
> these are not intended to be edited so this is why they are in the `lib` 
> rather than `conf` directory.

Yes, Alan is correct. The default.policy file contains the permissions 
granted by default to the modules included in the JDK (that are loaded 
by the platform loader) and blacklisted.certs contains a system-wide 
list of certificates that are distrusted by the CertPath implementation 
in the JDK. They are not configuration files, they are generally meant 
to be files that typically never need to be modified.

Thanks,
Sean



More information about the security-dev mailing list