RFR: 8155246: Throw error if default java.security file is missing
Anthony Scarpino
ascarpino at openjdk.org
Mon Aug 8 18:37:05 UTC 2022
On Thu, 4 Aug 2022 15:22:23 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
> In the broken case where the conf/security/java.security configuration file doesn't exist, the JDK should throw an Error.
>
> CSR in progress.
What's the need for this change? Perhaps I'm missing the bigger problem here. Certainly not having a java.security file is sub-optimal and I suspect very very rare, but throwing exceptions that breaks existing apps seems like a big hammer and would now need a property added to override
Doing this change for jdk-dev only I could see, but as the CSR points toward backporting, that seems more risky
-------------
PR: https://git.openjdk.org/jdk/pull/9747
More information about the security-dev
mailing list