It's not too late for access control
Neil Bartlett
njbartlett at gmail.com
Thu Jul 14 10:36:53 UTC 2016
> On 13 Jul 2016, at 23:33, Paul Benedict <pbenedict at apache.org> wrote:
>
> If I may opine on this matter -- and do so respectfully toward all parties
> mentioned -- aside from Tim Ellison responding first, every other message
> is between David and Mark. The discussion thread is a really good read and
> a strong point/counterpoint match. However, there are 9 people on the
> Expert Group [1]. What do the other 6 experts think? Being an observer, I
> can see nothing but public discussion, and so all appearances on this list
> tell me the item was left unresolved. I have no idea where the EG actually
> stands as a whole on David's suggestion.
The EG is not a democracy – they are there to advise and challenge the Spec Lead. So you can interpret the direction of the JSR based on whether EG members (mostly David) have had any success in persuading Mark of their arguments.
I do share your concern about the lack of engagement by the other EG members. Most egregiously: Jason van Zyl, Wayne Beaton and Hans Dockter have posted no messages after their initial hellos, and Bob Lee did not even do that basic courtesy and has posted exactly zero messages to date.
Apparently most of the experts have no opinion on the biggest ever change in the Java platform — unless they all agree with Mark so completely that they feel no need to comment?
> I remember reading these exchanges
> live, and curiously wondering why there are no additional agreements or
> disagreements? My best theory then and now is this: Thanksgiving and
> Christmas happened. It appears the holidays interrupted. Just my 2 cents.
Thanksgiving is only an excuse for the Americans on the list ;-)
Neil
>
> [1] http://openjdk.java.net/projects/jigsaw/spec/
>
> Cheers,
> Paul
>
> On Wed, Jul 13, 2016 at 4:38 PM, David M. Lloyd <david.lloyd at redhat.com>
> wrote:
>
>> On 07/13/2016 04:17 PM, mark.reinhold at oracle.com wrote:
>>
>>> 2016/7/11 7:21:46 -0700, david.lloyd at redhat.com:
>>>
>>>> ...
>>>>
>>>> I propose, once again, that rather than changing the meaning of "public"
>>>> to something unintuitive (and indeed counter to the definition of the
>>>> actual word), we instead allow the selective extension of
>>>> package-private. ...
>>>>
>>>
>>> FYI, to jigsaw-dev readers: This approach was discussed on the JPMS EG
>>> list late last year. Here are links to the relevant messages:
>>>
>>>
>>> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-November/000194.html
>>>
>>> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000215.html
>>>
>>> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000219.html
>>>
>>> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000222.html
>>>
>>> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000223.html
>>>
>>> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000227.html
>>>
>>> http://mail.openjdk.java.net/pipermail/jpms-spec-experts/2015-December/000228.html
>>>
>>
>> Also note that the discussion tapered off inconclusively before really
>> discussing the possibility of selectively opening the package-private level
>> to friends. The above links are mostly about the idea of changing
>> package-private to mean module-private, which was dismissed as problematic.
>>
>> Using the selective extension of package-private does not suffer from the
>> fatal security problems caused by simple recompilation from -target 8 to
>> -target 9. The status quo is maintained in this case; users would have to
>> opt in to extending access, just as Jigsaw requires users to opt in to make
>> public classes available right now.
>>
>> --
>> - DML
>>
More information about the jigsaw-dev
mailing list