RFR: 8173827: Remove forRemoval=true from several deprecated security APIs

Claes Redestad claes.redestad at oracle.com
Fri Feb 3 15:19:38 UTC 2017

On 02/03/2017 03:02 PM, Sean Mullan wrote:
> On 2/2/17 7:08 PM, Stuart Marks wrote:
>> Hi Claes,
>> The text of JEP 277 [1] has the following:
>>> Given the history of deprecation in Java SE, and the emphasis on long
>>> term API compatibility across versions, removal of an API is a matter
>>> of serious concern. Therefore, deprecation with the element
>>> |forRemoval=true| should be applied only when there is a clear and
>>> definite plan for removing that API in the next release of the Java SE
>>> platform.
>> It sounds like Sean has identified enough dependencies on these APIs
>> that they shouldn't be removed in JDK 10, so not marking them
>> forRemoval=true in JDK 9 makes sense.
> Correct. There are several Java EE projects that still have 
> dependencies on these APIs, and one of the dependencies is in a 
> standard EE API which would require a specification change: 
> https://java.net/jira/browse/EJB_SPEC-130.
> We still believe that these APIs should eventually be removed from SE, 
> but we need to make sure these projects and the EE community is 
> prepared for it.

Thanks Stuart and Sean for providing more context and motivation here,
I've apparently been misled on how to interpret forRemoval.

You may count this as an apology and a review. :-)



> Thanks,
> Sean
>> s'marks
>> [1] http://openjdk.java.net/jeps/277
>> On 2/2/17 1:22 PM, Claes Redestad wrote:
>>> -1
>>> AFAIU, forRemoval=true is not saying anything about *when* each
>>> deprecated method/class will be removed (although there might be an
>>> expectation that it should be in the next major release if possible,
>>> i.e., 10); if there's concern like here that some known application or
>>> library won't be ready for it then I dont see why we shouldnt simply
>>> defer the actual removal to some later release rather than drop the
>>> intent to remove like this.
>>> /Claes
>>> Sean Mullan <sean.mullan at oracle.com> skrev: (2 februari 2017 19:35:03
>>> CET)
>>>     Please review this change to undo, or remove the forRemoval=true 
>>> element
>>>     from the Deprecated annotation of a number of security APIs. Since
>>>     marking these APIs for removal in a future version of SE, it has 
>>> since
>>>     been reported that some external applications/code are still 
>>> using these
>>>     APIs, and there is concern that there may not be enough advance 
>>> notice
>>>     to adapt their code to transition away from these legacy APIs 
>>> and/or
>>>     replace them with newer APIs before they would be removed.
>>>     bug: https://bugs.openjdk.java.net/browse/JDK-8173827
>>>     webrev: 
>>> http://cr.openjdk.java.net/~mullan/webrevs/8173827/webrev.00
>>> <http://cr.openjdk.java.net/%7Emullan/webrevs/8173827/webrev.00>/
>>>     Thanks,
>>>     Sean
>>> -- 
>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.

More information about the security-dev mailing list