[External] : Re: JEP411: Missing use-case: Monitoring / restricting libraries

Peter Firmstone peter.firmstone at zeus.net.au
Fri May 21 01:40:31 UTC 2021


If there are those of us who wanted to maintain a fork of Java 17, 
focused on security, we could backport new features after they've been 
reviewed for security.

Would we be welcomed to do that here?  Otherwise is it something we 
should do on GitHub?

Cheers,

Peter.

On 21/05/2021 11:25 am, David Black wrote:
> On Thu, 20 May 2021 at 21:27, Andrew Dinn <adinn at redhat.com> wrote:
>> On 18/05/2021 23:06, David Black wrote:
>>> I don't think that this thinking is unique but it might not be worth
>>> the "cost" to Oracle to maintain something that seemingly for various
>>> reasons Oracle has little interest in maintaining (we're not in
>>> applet-land anymore). I would like to encourage proposals that mean
>>> that people who want to do 4, who implement further security hardening
>>> where others seemingly shy away, can continue to do 4.
>> Please don't do that. The cost Ron is talking about is not to "Oracle".
>> It is a cost to the OpenJDK project as a whole.
> Sorry about that, that is a good point.
>
>> Likewise, the lack of project team interest in maintaining the security
>> manager and self-evident interest in applying resources to providing
>> other, more valuable Java capabilities is not simply restricted to
>> "Oracle" project members.
>>
>> regards,
>>
>>
>> Andrew Dinn
>> -----------
>> Red Hat Distinguished Engineer
>> Red Hat UK Ltd
>> Registered in England and Wales under Company Registration No. 03798903
>> Directors: Michael Cunningham, Michael ("Mike") O'Neill
>>
>
-- 
Regards,
  
Peter Firmstone
0498 286 363
Zeus Project Services Pty Ltd.


