Hi, I do share some concerns of the community, however many have voiced it with a better english that I could ever do. But I'd like to mention two things:
1. There is another usage that I think will be visibly impacted : in tests it's often necessary to alter part of the system to stress some parts. In doing so some libraries offer these capabilities, often by relying on an ad hoc agent ; I hope this falls in the useful application of this mechanism. I understand the goal is mostly about applications running in production, yet it's likely the effect will be visible well before code reaches production. 2. I was wondering however about the relation of this JEP with the following property : ``` -Djdk.attach.allowAttachSelf=true ``` This affects the attachment not agent loading, however I believe this JEP should at least mention this property as well as it seems directly tied to one of the mentioned problems about detecting who loads the agent. Best regards -- Brice On Wed, May 10, 2023 at 1:08 PM Volker Simonis <volker.simo...@gmail.com> wrote: > On Mon, May 8, 2023 at 9:17 PM Mark Reinhold <mark.reinh...@oracle.com> > wrote: > > > > https://openjdk.org/jeps/451 > > > > Summary: Issue warnings when agents are loaded dynamically into a > > running JVM. These warnings aim to prepare users for a future release > > which disallows the dynamic loading of agents by default in order to > > improve integrity by default. Serviceability tools that load agents at > > startup will not cause warnings to be issued in any release. > > > > - Mark > > First of all, thanks for adopting the "warning first" approach before > disabling dynamic agent loading by default. I think that's reasonable > and useful. > > I still wonder why this JEP has scope "SE"? During the discussion > about the draft (which was initially about "disallowing by default") > it was mentioned that once dynamic loading will be disabled by > default, this will be mandated in the platform spec (e.g. in the > package documentation of the java.lang.instrument package [1]). But > now that the JEP was softened to a warning, do you still plan to > mandate the warning in the SE platform spec as well? > > In general, I think the current specification (e.g. in [1]) is good > and gives vendors the freedom to choose the approach which is most > appropriate for their users (e.g. they could already now disable > dynamic agent loading by default): > > "An implementation may provide a mechanism to start agents sometime > after the VM has started. The details as to how this is initiated are > implementation specific". > > Explicitly forbidding dynamic agent loading without a command line > option in the specification seems over-regulative to me. > > Finally, I think it feels a little unfortunate that a JEP candidate > already contains and mentions the JDK release where it will be > implemented. This could create the impression that the JEP has been > targeted long before it was publicly discussed and proposed. > > Thank you and best regards, > Volker > > [1] > https://docs.oracle.com/en/java/javase/20/docs/api/java.instrument/java/lang/instrument/package-summary.html >
