RFR: 8173827: Remove forRemoval=true from several deprecated security APIs

Sean Mullan sean.mullan at oracle.com
Fri Feb 3 14:02:16 UTC 2017


On 2/2/17 7:08 PM, Stuart Marks wrote:
> Hi Claes,
>
> The text of JEP 277 [1] has the following:
>> Given the history of deprecation in Java SE, and the emphasis on long
>> term API compatibility across versions, removal of an API is a matter
>> of serious concern. Therefore, deprecation with the element
>> |forRemoval=true| should be applied only when there is a clear and
>> definite plan for removing that API in the next release of the Java SE
>> platform.
> It sounds like Sean has identified enough dependencies on these APIs
> that they shouldn't be removed in JDK 10, so not marking them
> forRemoval=true in JDK 9 makes sense.

Correct. There are several Java EE projects that still have dependencies 
on these APIs, and one of the dependencies is in a standard EE API which 
would require a specification change: 
https://java.net/jira/browse/EJB_SPEC-130.

We still believe that these APIs should eventually be removed from SE, 
but we need to make sure these projects and the EE community are
prepared for it.

Thanks,
Sean

> s'marks
>
>
> [1] http://openjdk.java.net/jeps/277
>
>
>
> On 2/2/17 1:22 PM, Claes Redestad wrote:
>> -1
>>
>> AFAIU, forRemoval=true is not saying anything about *when* each
>> deprecated method/class will be removed (although there might be an
>> expectation that it should be in the next major release if possible,
>> i.e., 10); if there's concern like here that some known application or
>> library won't be ready for it then I don't see why we shouldn't simply
>> defer the actual removal to some later release rather than drop the
>> intent to remove like this.
>>
>> /Claes
>>
>>
>>
>> Sean Mullan <sean.mullan at oracle.com> wrote: (2 February 2017 19:35:03
>> CET)
>>
>>     Please review this change to undo, or remove the forRemoval=true element
>>     from the Deprecated annotation of a number of security APIs. Since
>>     marking these APIs for removal in a future version of SE, it has since
>>     been reported that some external applications/code are still using these
>>     APIs, and there is concern that there may not be enough advance notice
>>     to adapt their code to transition away from these legacy APIs and/or
>>     replace them with newer APIs before they would be removed.
>>
>>     bug: https://bugs.openjdk.java.net/browse/JDK-8173827
>>     webrev: http://cr.openjdk.java.net/~mullan/webrevs/8173827/webrev.00/
>>
>>     Thanks,
>>     Sean
>>
>>
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>


