JDK 14 RFR of JDK-8231262: Suppress warnings on non-serializable instance fields in security libs serializable classes
Sean Mullan
sean.mullan at oracle.com
Thu Sep 26 20:55:30 UTC 2019
On 9/26/19 4:20 PM, Sean Mullan wrote:
>> Would you prefer I revise the patch where there are multiple
>> SuppressWarnings("serial") on fields to put a single one on the class
>> instead?
>
> Yes, but only in the cases where we are clearly using some form of
> alternate serialization like ASN.1 encoding. I need to double-check the
> review again (it's a bit more time consuming because I have to look at
> the code in more detail), but the two that I spotted so far are:
>
> src/java.base/share/classes/sun/security/x509/X509CertImpl.java
> src/java.security.jgss/share/classes/sun/security/krb5/internal/KRBError.java
> (from the JDK-8231368 review)
Ok, I double-checked everything. The only other class in the webrev that
uses an alternate serial form is:
sun/security/x509/X509Key.java
but since that only has one field that is not Serializable, it probably
is ok to leave as-is.
--Sean
More information about the security-dev
mailing list