RFR: 8328914: Document the java.security.debug property in javadoc [v9]
Sean Mullan
mullan at openjdk.org
Fri Mar 7 17:22:55 UTC 2025
On Fri, 7 Mar 2025 15:46:18 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> I'd probably have to point to the CSR that introduced the +thread, +timestamp options :
>> https://bugs.openjdk.org/browse/JDK-8327569
>>
>> The "+" symbol should directly follow a valid debug option to be legitimate IMO. It's probably the most intuitive assumption also.
>>
>> note that I'd like to switch on `timestamp `and `thread `options by default in a JDK feature release (maybe JDK 25)
>> They made more sense for the backport (JDK Update) release lines where addition of such meta data might have caused issue for some frameworks parsing this data.
>>
>> I just logged https://bugs.openjdk.org/browse/JDK-8350689 to track that effort.
>
> Anyone still cares about this comment?
>
> I've tried `-Djava.security.debug=certpath:ocsp,verbose+timestamp` (which follows the grammar in this PR) and there is no timestamp shown. Obviously, it's broken into `certpath:ocsp` and `verbose+timestamp` at https://github.com/openjdk/jdk/blob/940aa7c4cf1bf770690660c8bb21fb3ddc5186e4/src/java.base/share/classes/sun/security/util/Debug.java#L192 and the `+timestamp` modifier is not applied to the `certpath` option.
I think we should look into it. I think we can handle this as a follow-on bug so that we keep this issue just about the docs.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23569#discussion_r1985427298
More information about the security-dev
mailing list