I have a few suggestions to deal with the sealing issue (and remember, I
don't really know if it's an issue yet).
1. Add a non-standard JAR extension that allows for a "friend" signer. This
is ultimately doable and should be secure.
2. Put a special case into the primordial ClassLoader that allows the VM's
classes to be placed into a package regardless of whether it's sealed. This
is feasible, and more secure than the first option, but I am not sure if it
handles all cases since the primordial ClassLoader may not be the only one
that loads java.lang classes. Packages are sealed only over their own
namespace.
--John
