[External] : Re: JEP411: Missing use-case: Monitoring / restricting libraries
Alan Bateman
Alan.Bateman at oracle.com
Tue May 18 09:13:58 UTC 2021
On 18/05/2021 08:36, Peter Firmstone wrote:
> :
>
> It's a perception issue, I understand, but we can fix that far less
> painfully.

With respect, I don't see a viable route here. SM/AccessController and
most of that security architecture has been an albatross around our
necks for years. This JEP is the first step in pulling the JDK out of
the sandboxing and policy enforcement business. It will take several
releases and years to get there. Yes, it will be painful for those that
have embraced this architecture but there will be years of supported
releases to plan or develop alternatives. There is a wider group that
have been using the SM as a means to intercept network, file and several
other operations. This is an area that might need to be explored further
to see if an alternative solution is important for the JDK to provide.
We don't think that this needs to be fully explored and decided on
before making progress on the deprecation.
-Alan