Re: [jakartaee-platform-dev] Reduce emphasis on security manager in EE 1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jakartaee-platform-dev] Reduce emphasis on security manager in EE 10?

From: "Kevin Sutter" <sutter@xxxxxxxxxx>
Date: Thu, 5 Aug 2021 08:14:53 -0500
Delivered-to: jakartaee-platform-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jakartaee-platform-dev/>
List-help: <mailto:jakartaee-platform-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jakartaee-platform-dev>, <mailto:jakartaee-platform-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jakartaee-platform-dev>, <mailto:jakartaee-platform-dev-request@eclipse.org?subject=unsubscribe>

As a start, we should at least recognize this eventual deprecation and removal in the appropriate specifications. Also, some type of messaging in the TCK runs would probably be appropriate if running with JDK 17 -- just to explain why we're running tests against a deprecated feature. I think this minimal effort would be good for Jakarta EE 10.

---------------------------------------------------
Kevin Sutter
STSM, Jakarta EE and MicroProfile architect @ IBM
e-mail: sutter@xxxxxxxxxx Twitter: @kwsutter
phone: tl-553-3620 (office), 507-253-3620 (office)
LinkedIn: https://www.linkedin.com/in/kevinwsutter

Part-time schedule: Tue, Wed, Thu (off on Mon and Fri)

From: "Scott Stark" <starksm64@xxxxxxxxx>
To: "jakartaee-platform developer discussions" <jakartaee-platform-dev@xxxxxxxxxxx>
Date: 07/29/2021 09:44
Subject: [EXTERNAL] Re: [jakartaee-platform-dev] Reduce emphasis on security manager in EE 10?
Sent by: "jakartaee-platform-dev" <jakartaee-platform-dev-bounces@xxxxxxxxxxx>

Just a clarification, the security manager is being deprecated in 17 for removal in a later version. The current JEP says it will start to be degraded in 18:
https://openjdk.java.net/jeps/411

I think we are fine with making security tests optional, but then the issue of reporting the status of optional tests in TCK runs comes up. We had the discussion of making the status of optionality results manifest in compatibility requests, but our position was that this should be handled by the TCK reporting.

On Jul 29, 2021 at 8:51:46 AM, arjan tijms <arjan.tijms@xxxxxxxxx> wrote:
Hi,

The Jakarta Platform has a very strong emphasis on the security manager, especially when it comes to TCK testing. A lot (or everything?) is tested with the security manager enabled, and constituent specs and implementations have to comply with that.

As the security manager has been deprecated for removal in JDK 17, I wonder if we should not start taking the first steps in EE 10 to anticipate for this, even though EE 10 is not targeting JDK 17.

Perhaps we could start with making security manager enabled TCK runs optional?

Kind regards,
Arjan
_______________________________________________
jakartaee-platform-dev mailing list
jakartaee-platform-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jakartaee-platform-dev_______________________________________________ jakartaee-platform-dev mailing list jakartaee-platform-dev@xxxxxxxxxxx To unsubscribe from this list, visithttps://www.eclipse.org/mailman/listinfo/jakartaee-platform-dev

References:
- [jakartaee-platform-dev] Reduce emphasis on security manager in EE 10?
  - From: arjan tijms
- Re: [jakartaee-platform-dev] Reduce emphasis on security manager in EE 10?
  - From: Scott Stark

Prev by Date: Re: [jakartaee-platform-dev] Question about meaning of `initialize-in-order` when application deployment may be multi-threaded...
Next by Date: [jakartaee-platform-dev] Reminder: Platform Dev. call -- 8 AM PDT August 10
Previous by thread: Re: [jakartaee-platform-dev] Reduce emphasis on security manager in EE 10?
Next by thread: Re: [jakartaee-platform-dev] [External] : Reduce emphasis on security manager in EE 10?
Index(es):
- Date
- Thread

Breadcrumbs