Michael Koch wrote: > What do you do if someone writes a package gnu.foobar and wants to > access it ? There are some gnu.* packages out there.
Hmm. Typically these won't be loaded by the bootstrap class loader, so it shouldn't be a problem, but if you want to avoid any possible problems we can also introduce a gnu.classpath.private.* package for all the classes that are privileged. > Do you want to > maintain the list of packages to allow ? The list of packages we need > to limit access too is much leaner and well known to us as the > packages are maintained under our control. Black listing isn't as secure as white listing. It's easy to forget to add a package and not having access to a package is better than having a security hole. Regards, Jeroen _______________________________________________ Classpath mailing list [EMAIL PROTECTED] http://lists.gnu.org/mailman/listinfo/classpath
