On Mon, 4 Mar 2024 23:55:50 GMT, Mat Carter <maca...@openjdk.org> wrote:
>> This fixes the defect described at >> https://bugs.openjdk.org/browse/JDK-8313367 >> >> If the process does not have write permissions, the store is opened as >> read-only (instead of failing). >> >> Please note that permissions to use a certificate in a local machine store >> must be granted - in a management console, select a certificate, right-click >> -> All tasks... -> Manage Private Keys... -> add Full control to user. > > For clarification I've edited the comment in the JBS issue, replacing > "feature request" with "enhancement" so that it properly matches the > terminology used in JBS. @macarte : Thank you for the clarification. But why do you think this issue should be an Enhancement? It appears to be a minor scope, high impact defect that would block an application from production deployment. Omission of a secure environment test for security Enhancement [JDK-6782021](https://bugs.openjdk.org/browse/JDK-6782021) could not have been intentional. Its underlying requirement, like a lock on a car door, is implicit. And, even if the fix is broader than the elegant change proposed by @rebarbora-mckvak, a documentation change should be unnecessary. Given the threat of forgery, security around code signing is not optional. Windows can be part of a secure platform for activities such as this, but not when applications leave issues like this unresolved. ------------- PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-1981871397
