It's not too late for access control

[Sanne Grinovero]

On Tue, Jul 12, 2016 at 9:25 PM, Alan Bateman <Alan.Bateman at oracle.com> wrote:
> On 12/07/2016 18:31, Sanne Grinovero wrote:
>
>> :
>> As a maintainer and contributor to several popular Java open source
>> libraries my experience is that in practice very few existing
>> libraries will "just work" in Java 9 out of the box: people will have
>> to update their code. This is based on my experience, as some of these
>> projects have dozens of dependencies and it's taking a long time to
>> identify each problematic point, discuss patches, getting other
>> communities to release timely, an often there is need for "recursive
>> releases" and various iterations for each problem as they get
>> identified, for each dependency.
>
> Going off-topic slightly but when you do run into issues and if they aren't
> already listed as compatibility issues then please bring them up. So far
> then I think the vast majority of issues that we have heard about relate to
> the changes in JEP 220 (tools.jar going away etc), JEP 223 and the new
> version-string scheme, the class file version bump in jdk-9+119, and then
> all the issues that we have listed in JEP 261. Any help getting bugs
> submitted to projects would be appreciated too.
>
> The issue that `public` no longer implies accessible is listed in JEP 261
> (first item in the Risks and Assumption) but to be honest, has barely come
> up to date. That probably isn't too surprising as it's still early days for
> modules and many projects aren't trying out JDK 9 yet. Anyone trying out
> modules where a "module unaware" framework gets a reference to a public type
> in a non-exported package might run into it of course but I'm not aware of
> any reports yet.


Hi Alan, you're spot-on about JEP-220: myself and my colleagues have
sent patches to numerous projects to which I normally don't contribute
to, just to fix our dependencies, such as Maven.

But please be aware of how many of the OSS projects in the Java
community are organised: some will have integration tests running in
modular environments, like WildFly which is based on David Lloyd's
JBoss Modules, or for OSGi tests it seems popular to use Apache Karaf.
Many others don't have any "modular" or "container" integration tests
and are not aware of what's coming.. since in my team we package some
of these for usage in modular environments, I'm painfully aware of
problems coming but it's no easy task to convince them for the need to
test now.

When I get in touch to try convey a sense of urgent need to test
Jigsaw, and sometimes successfully, then people realise that their
whole toolchain, not least the testing environment, blows up with
errors which are often too complex or simply too unrelated to the
project itself.

So what happens is that such projects go to communities like WildFly
and OSGi for advice, where the typical answer is among the lines "I
know, we're discussing such things on the jigsaw-dev list, watch
thread XY, or watch #MyIssueCategory on Mark's blogs".

In short, please be aware that David Lloyd isn't making such
suggestions just for WildFly itself, but is pre-processing and
summarising feedback from hundreds of projects there. The ones who
care are lurking on this list hoping to see answers for issues which
have been raised already, but not many feel competent enough to join
the conversation directly (and this might be a good thing!).

Some other hundred of projects are relying on Andrew Dinn's project
Byteman for testing, they have also been concerned but didn't back
Dinn's proposals explicitly on this list as we feel he represents the
interests of all such users. Not sure if you want us to organise a
storm of "+1" emails as I'm confident that reason will win over
spamming strategies and populism (or should I say "modern democracy").

I can't say what other OSGi frameworks are doing, but for example
testing Hibernate in OSGi requires Apache Karaf, which is stuck on
issues like:
 - https://issues.apache.org/jira/browse/KARAF-3518

(I've talked again with some friends in the Karaf team last week and
they will try again now, but you get the point that people are waiting
rather than reporting here)

Clearly some projects are waiting for alternatives and answers to be
provided before proposing their own solutions. As an example,
personally I'm on the Hibernate team and we're very interested to see
how reflective access is going to work, but since Jason Greene
summarised our concerns very well already on a different thread, I'll
just let you know that we stand behind this and feel no need to add
further details.. I hope it's clear though that such things need to be
answered before we can decide how to test things further, and I
wouldn't expect large numbers of complaints from all other projects:
as these platforms are waiting for answers to very concrete issues,
there's a bottleneck and you probably won't see feedback on the
smaller issues either, as there's no much progress in testing until
Jigsaw brings some clarity and concrete solutions materialise.

I hope this helps understanding why such issues have "barely come up
to date". That doesn't make them less of a blocker issue though.

Thanks,
Sanne


>
> -Alan.