Exporting - the wrong default?

Stephen Colebourne scolebourne at joda.org
Thu Jul 28 14:58:43 UTC 2016


On 28 July 2016 at 15:24, Andrew Dinn <adinn at redhat.com> wrote:
> On 28/07/16 14:09, Stephen Colebourne wrote:
>> No more packages would be exposed than with the current proposal. No
>> more headache inducing problems would be created.
>
> The need for analgesic relief stems from this default being risky in a
> way that the opposing default is not. Forgetting to export a new package
> cannot compromise the security of the deployment (even though it might
> indeed compromise its functionality). Forgetting to restrict access can
> pass unnoticed whilst granting access to clients with larcenous intent.

Sure, I understand the point. I just can't see it being particularly
relevant when most modules need to export everything.

Whereas I can see that forgetting to export a package would be fairly
common and really annoying, as it would require a new release to solve
(given that it would only be when someone tries to use the package
that you get told about the stupid mistake of not exporting it.)

Stephen

