An update on ecosystem concerns removing javax.security.cert

[Eirik Bjørsnøs]

>
> I also be concerned that existing releases of this frameworks/libs with
> dependences on javax.security.cert.X509Certificate will be in use for some
> time.
>

Based on my interaction with ecosystem projects so far, the prevalent
sentiment seems to be "we plan to deal with this once OpenJDK removes the
APIs". It seems this stalemate situation cannot really be broken before
OpenJDK goes ahead with the removal. Providers like BouncyCastle and
Conscrypt already have abstractions and build systems in place to handle
these kinds of platform differences. They seem well equipped to handle this
change.

Sure we can delay this a few releases, but I honestly don't see how that
will materially change the situation. The band-aid that needs to be ripped
at some point and the ecosystem seems to be waiting for OpenJDK to do so.

Thanks,
Eirik.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20230417/9647dd99/attachment.htm>