[External] : Re: JEP411: Missing use-case: Monitoring / restricting libraries

Andrew Dinn adinn at redhat.com
Thu May 20 11:27:33 UTC 2021


On 18/05/2021 23:06, David Black wrote:
> I don't think that this thinking is unique but it might not be worth
> the "cost" to Oracle to maintain something that seemingly for various
> reasons Oracle has little interest in maintaining (we're not in
> applet-land anymore). I would like to encourage proposals that mean
> that people who want to do 4, who implement further security hardening
> where others seemingly shy away, can continue to do 4.
Please don't do that. The cost Ron is talking about is not to "Oracle". 
It is a cost to the OpenJDK project as a whole.

Likewise, the lack of project team interest in maintaining the security 
manager and self-evident interest in applying resources to providing 
other, more valuable Java capabilities is not simply restricted to 
"Oracle" project members.

regards,


Andrew Dinn
-----------
Red Hat Distinguished Engineer
Red Hat UK Ltd
Registered in England and Wales under Company Registration No. 03798903
Directors: Michael Cunningham, Michael ("Mike") O'Neill



More information about the security-dev mailing list