[External] : Re: JEP411: Missing use-case: Monitoring / restricting libraries
Andrew Dinn
adinn at redhat.com
Thu May 20 11:27:33 UTC 2021
On 18/05/2021 23:06, David Black wrote:
> I don't think that this thinking is unique but it might not be worth
> the "cost" to Oracle to maintain something that seemingly for various
> reasons Oracle has little interest in maintaining (we're not in
> applet-land anymore). I would like to encourage proposals that mean
> that people who want to do 4, who implement further security hardening
> where others seemingly shy away, can continue to do 4.
Please don't do that. The cost Ron is talking about is not to "Oracle".
It is a cost to the OpenJDK project as a whole.
Likewise, the lack of project team interest in maintaining the security
manager and self-evident interest in applying resources to providing
other, more valuable Java capabilities is not simply restricted to
"Oracle" project members.
regards,
Andrew Dinn
-----------
Red Hat Distinguished Engineer
Red Hat UK Ltd
Registered in England and Wales under Company Registration No. 03798903
Directors: Michael Cunningham, Michael ("Mike") O'Neill
More information about the security-dev
mailing list