Re: RFR: 8318096: Add getParams method in PublicKey and PrivateKey [v2]

2023-10-17 Thread David M . Lloyd
On Tue, 17 Oct 2023 19:48:26 GMT, Weijun Wang wrote: >> Add `getParams` to `PublicKey` and `PrivateKey` so it's available to all >> current and future public and private keys. >> >> No test. Might add one. > > Weijun Wang has updated the pull request incrementally with one additional > commit

Re: RFR: 8318096: Add getParams method in PublicKey and PrivateKey [v2]

2023-10-18 Thread David M . Lloyd
On Wed, 18 Oct 2023 18:23:31 GMT, Weijun Wang wrote: > > Would `getParameterSpec` be a better/more descriptive name, given that the > > thing it returns is an `AlgorithmParameterSpec`? > > > > > > (Disclosure: Our security library (WildFly Elytron) has a > > `getParameterSpec` on every one o

Re: RFR: 8338411: Implement JEP 486: Permanently Disable the Security Manager

2024-10-15 Thread David M . Lloyd
On Tue, 15 Oct 2024 15:33:03 GMT, Daniel Fuchs wrote: >> This is a bit of forced move. Same thing with Thread.checkAccess and >> ThreadGroup.checkAccess that also have to be re-specified to throw >> unconditionally. They are called out in the CSR. > > OK While I disagree with this change on th

Re: RFR: 8338411: Implement JEP 486: Permanently Disable the Security Manager

2024-10-15 Thread David M . Lloyd
On Tue, 15 Oct 2024 16:14:58 GMT, Sean Mullan wrote: > While making `LogManager.checkAccess` be a no-op might be more convenient, it > could unconditionally permit operations that formerly required a permission > check: clearly a bad idea. Always throwing a `SecurityException` is the > safest

Re: RFR: 8338411: Implement JEP 486: Permanently Disable the Security Manager [v2]

2024-10-18 Thread David M . Lloyd
On Fri, 18 Oct 2024 19:03:30 GMT, Sean Mullan wrote: >> This is the implementation of JEP 486: Permanently Disable the Security >> Manager. See [JEP 486](https://openjdk.org/jeps/486) for more details. The >> [CSR](https://bugs.openjdk.org/browse/JDK-8338412) describes in detail the >> main ch

Re: RFR: 8348967: Deprecate security permission classes for removal [v3]

2025-04-10 Thread David M . Lloyd
On Tue, 8 Apr 2025 14:23:06 GMT, Sean Mullan wrote: >> Please review this change to terminally deprecate the following security >> related permission classes: `java.security.UnresolvedPermission`, >> `javax.net.ssl.SSLPermission`, `javax.security.auth.AuthPermission`, >> `javax.security.auth.P

Re: RFR: 8348967: Deprecate security permission classes for removal

2025-04-04 Thread David M . Lloyd
On Fri, 4 Apr 2025 12:42:36 GMT, Sean Mullan wrote: > Please review this change to terminally deprecate the following security > related permission classes: `java.security.AllPermission`, > `java.security.UnresolvedPermission`, `javax.net.ssl.SSLPermission`, > `javax.security.auth.AuthPermissi

Re: RFR: 8348967: Deprecate security permission classes for removal

2025-04-04 Thread David M . Lloyd
On Fri, 4 Apr 2025 12:42:36 GMT, Sean Mullan wrote: > Please review this change to terminally deprecate the following security > related permission classes: `java.security.AllPermission`, > `java.security.UnresolvedPermission`, `javax.net.ssl.SSLPermission`, > `javax.security.auth.AuthPermissi

Re: RFR: 8348967: Deprecate security permission classes for removal

2025-04-04 Thread David M . Lloyd
On Fri, 4 Apr 2025 14:12:55 GMT, Sean Mullan wrote: > > > Please review this change to terminally deprecate the following security > > > related permission classes: `java.security.AllPermission`, > > > `java.security.UnresolvedPermission`, `javax.net.ssl.SSLPermission`, > > > `javax.security.a