On Tue, 18 Oct 2022 08:19:41 GMT, Markus KARG <d...@openjdk.org> wrote:
> Does "security review" mean that I shall prove the absence of the problem,
> or does that term mean a formal process in the OpenJDK organization (and how
> do I trigger it)?

I sent a link to this PR to one of the security engineers and they share the concern. Have you done any performance testing with an implementation that makes a defensive copy?

-------------

PR: https://git.openjdk.org/jdk/pull/10525