PrivilegedAction et al and JEP411
Andrew Dinn
adinn at redhat.com
Tue Jun 20 11:08:41 UTC 2023
On 20/06/2023 11:27, Peter Firmstone wrote:
> I understand the economic motivations behind the decision, call that a
> corporate plot if you like. Do I have to be happy about it? No.
Well, no, actually ... I won't call it that. Indeed, you are signally
missing (or evading) my point with that comment. Which is that you
raised the spectre of a corporate plot simply because you are unhappy
that no one agrees with you on the importance of this feature.
Contrary to what you state above this is not really anything to do with
economic costs. There are costs we are actually interested in avoiding
here but they are lost opportunity costs. We as a project apply our
efforts to maintain and upgrade a language runtime that is simple,
clear, coherent and effective. It is true that we do not have an
unlimited budget to achieve that end. However, dropping the security
manager is not being done to free up resources for something else. If we
had more people and money we would still want to drop it. The reason for
that is that it is provides a bad model for managing security concerns,
which is hard to use and, hence, hardly used as a result. We have
already provided better ways to address security concerns and we will
continue to do so as Java evolves.
regards,
Andrew Dinn
-----------
More information about the security-dev
mailing list