An update on ecosystem concerns removing javax.security.cert
Alan Bateman
Alan.Bateman at oracle.com
Mon Apr 17 18:42:48 UTC 2023
On 17/04/2023 10:03, Eirik Bjørsnøs wrote:
>
> Sure we can delay this a few releases, but I honestly don't see
> how that will materially change the situation.
>
>
> Rethinking this, perhaps there are some benefits to not introducing
> this in an LTS release. Doing it in a release immediately following an
> LTS would allow the wider ecosystem maximum time to work on their
> solutions and do testing on non-LTS releases. It would even allow
> OpenJDK to add them back if there are critical unforeseeable concerns.
>
> So perhaps 22?
>
I don't think it's possible to suggest a release at this time. Ideally
javax.security.cert would have been removed a long time ago but the
references from classes in javax.net.ssl make it difficult for both
implementers and users of the API. So I think we are forced to kick it
down the road for now. Your effort to track down projects with usages
and create PRs is very welcome as it helps to move things along.
-Alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20230417/bdbf2997/attachment.htm>
More information about the security-dev
mailing list