Ping: RFR: JDK-8243012: Fix issues in j.l.i package info
serguei.spitsyn at oracle.com
Tue May 12 20:40:02 UTC 2020
Hi Alex,
This seems to resolve most of Alan's concerns.
Though, I'm not sure if we can treat users that deploy and use agents as
developers.
Otherwise, we may want to tweak the last sentence a little bit:
"Developers or administrators that deploy agents, deploy applications that
package an agent with the application, or anyone using a tool that loads
agents into a running application, are responsible for verifying the
trustworthiness of each agent including the content and structure of the
agent JAR file."
But let's wait for Alan's opinion.
Thanks,
Serguei
On 5/12/20 12:57, Alex Menkov wrote:
> Hi Alan, Serguei,
>
> let's try one more time :)
>
> What about:
>
> Agents can transform classes in arbitrary ways at load time, transform
> modules, or transform the bytecode of methods of already loaded classes.
> Developers or administrators that deploy agents, deploy applications that
> package an agent with the application, or use tools that load agents into a
> running application, are responsible for verifying the trustworthiness of each
> agent including the content and structure of the agent JAR file.
>
>
> please let me know what you think, I'll prepare & publish a new
> webrev as soon as we get agreement about the paragraph.
>
>
> --alex
>
> On 05/12/2020 00:59, Alan Bateman wrote:
>> On 11/05/2020 22:14, Alex Menkov wrote:
>>>
>>>
>>> Updated webrev:
>>> http://cr.openjdk.java.net/~amenkov/jdk15/java_instrument_spec/webrev.2/
>>>
>>>
>>> --alex
>> This doesn't work for me because it drops the important point that
>> the developer/admin is also responsible when deploying an agent that
>> packages an agent with the application. Also anyone using a tool that
>> loads agents into a running VM has responsibility too. So I think
>> these points need to be included.
>>
>> -Alan.