PrivilegedAction et al and JEP411
Peter Firmstone
peter.firmstone at zeus.net.au
Sun Jun 25 23:15:41 UTC 2023
Will the removal process be traceable using a bug ID or JEP, until it's
completely removed, rather than bit rotted out over time?
After much thought and consideration our best option is to maintain our
own build, by maintaining patches against the upstream OpenJDK build,
this will allow us to run all existing jtreg tests, as well as implement
new tests and prevent bit rot.
Support for SM will also be removed from jtreg, so we'll need a build of
that too.
This should at least secure our future roadmap until an alternative exists.
--
Regards,
Peter
On 18/06/2023 10:15 pm, Alan Bateman wrote:
> On 18/06/2023 12:52, Peter Firmstone wrote:
>>
>> Thanks Alan,
>>
>> Personally, I would hope that nothing happens until after Java 21,
>> time is precious, we'll need all the time we can get.
>>
>> I was hoping, that all privileged actions might be retained
>> indefinitely, so that we may instrument them.
>>
> Once the SM operating mode goes away then I would expect most usages
> of privileged actions in the JDK can be removed. Leaving them for an
> "authorization layer" to instrument would be misleading. Existing
> usages will quickly bit rot. It would also be a tax on all future
> features and all ongoing maintenance.
>
> -Alan.
More information about the security-dev
mailing list