I understand the economic motivations behind the decision, call that a
corporate plot if you like. Do I have to be happy about it? No.
There is no practical way to reimplement authorization, at the
application level, without some underlying support from the JVM, if I
remove it from my application, there will be security holes, it will be
vulnerable, therefore, I am unable to do anything about it, I have come
to the conclusion it is outside of my control. Do I have the budget to
rearchitect? No. There's no guarantee if I redesign from the ground
up, that it would be any more secure anyway, the cost is sunk I have to
live with it.
Maybe try seeing it from my perspective, I can see it from yours. Of
course you can continue name calling / making an assessment of my mental
state if you want, but it only diminishes your character in my eyes, it
doesn't insult me. Usually when the name calling starts it means the
argument has been lost. I think you're smart enough to come up with
some good technical arguments and don't need to resort to name
calling. Maybe try cooling off and replying later, that is of course
if you want to. I haven't taken it personally, everyone has their good
and bad days.
The new encapsulation improvements sound promising, if I was a young
developer, without existing software to maintain, I think I would be
happy about it.
--
Regards,
Peter
On 20/06/2023 7:33 pm, Andrew Dinn wrote:
On 19/06/2023 23:44, Peter Firmstone wrote:
OpenJDK dev's have worked hard to improve encapsulation, however
OpenJDK has made it abundantly clear, that even if the community
could maintain and improve a feature, corporate has the final say and
will do whatever they want anyway, as much as I appreciate the hard
work of OpenJDK developers, corporate has the last say.
Peter, just because you keep repeating this garbage it does not become
any more true by that mere fact of repetition.
Any OpenJDK project contributor is able to raise reasoned objections
to changes if grounded in problems that they might entail and any
reviewer can prohibit a change on the basis of a legitimate such
objection.
The truth your repeated claims belie is that no one in the project has
tried to stop removal of the security manager because no reviewer has
heard any argument for keeping it that outweighs the overwhelming
benefits to the great majority of our users of not having it
(including yours). You may not agree with that judgement but
pretending to yourself that this is happening because of some
corporate plot to stop the project doing the right thing is delusional.
regards,
Andrew Dinn
-----------
