RFR: 8319332: Security properties files inclusion [v19]
Martin Balao
mbalao at openjdk.org
Fri Aug 16 15:53:57 UTC 2024
On Thu, 15 Aug 2024 17:15:33 GMT, Sean Mullan <mullan at openjdk.org> wrote:
> > We've not made a decision in regards to proposing this enhancement to old releases. With that said, I wouldn't consider anything older than 21u. If necessary, we can make backport-specific adjustments to the CSR and be more conservative.
>
> I just want to point out that it will be more difficult to backport this change now that there is a specification change in `Security.getProperty` and `Security.setProperty` to throw IAE. It would have been nice to somehow treat the "include" property as a directive instead of a property, but I'm not sure if that can be done within the format of a properties file.
Yes, I agree that `include` is a directive more than a property. While we have now reserved the token in the syntax and treat it differently —as a directive, indeed—, we have to deal with this programmatic API to the map that allows to express more property names due to the lack of syntactic restrictions.
@wangweij , given that things would be more difficult for backports and in the interest of not ruling out that option, would you be okay with going back to silent mode for `Security.getProperty` and `Security.setProperty`? Do you have any other idea in mind?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16483#issuecomment-2293751790
More information about the security-dev
mailing list