It's not too late for access control

Russell Gold russell.gold at oracle.com
Thu Jul 14 12:44:51 UTC 2016


> On Jul 12, 2016, at 1:31 PM, Eric Johnson <eric at tibco.com> wrote:
> 
> What infuriates me is that in all this discussion, I don't see anyone talking about a threat analysis. What are we trying to protect, from whom, and why? I see comments about how implementation details of the JRE (such as "com.sun" packages) must be hidden, but without reference to the threats that cause a problem.

It’s primarily a maintenance issue, IMO. It is common that we provide classes and methods that are intended to be used from elsewhere inside a product, but which we do not want users to see. That is, it is much the same as the reason you use “private” for class internals - if everything is publicly accessible, people use it, and you cannot refactor your code without breaking theirs.





