[External] : Re: JEP411: Missing use-case: Monitoring / restricting libraries

Andrew Dinn adinn at redhat.com
Thu May 20 11:27:33 UTC 2021

On 18/05/2021 23:06, David Black wrote:
> I don't think that this thinking is unique but it might not be worth
> the "cost" to Oracle to maintain something that seemingly for various
> reasons Oracle has little interest in maintaining (we're not in
> applet-land anymore). I would like to encourage proposals that mean
> that people who want to do 4, who implement further security hardening
> where others seemingly shy away, can continue to do 4.
Please don't do that. The cost Ron is talking about is not to "Oracle". 
It is a cost to the OpenJDK project as a whole.

Likewise, the lack of project team interest in maintaining the security 
manager and self-evident interest in applying resources to providing 
other, more valuable Java capabilities is not simply restricted to 
"Oracle" project members.


Andrew Dinn
Red Hat Distinguished Engineer
Red Hat UK Ltd
Registered in England and Wales under Company Registration No. 03798903
Directors: Michael Cunningham, Michael ("Mike") O'Neill

More information about the security-dev mailing list