As Jörn pointed out, you can also use HTTP. Could you tell me which
browser/version you're using? I'd love to figure out what's up with my HTTPS. I
can access it in all my browsers.
I understand your point about making CallerSensitive public being a non-goal of
JEP 176. But, if we're going to make getCallerClass public (which everyone in
the community seems to want), we either have to also make @CallerSensitive
public or just remove the security check of CallerSensitive's presence (which
means CallerSensitive is no longer necessary).
Nick
On Sep 1, 2013, at 4:25 AM, Alan Bateman wrote:
> On 01/09/2013 09:16, Nick Williams wrote:
>> :
>>
>> I believe I have followed all of the procedures as closely as possible. I
>> await feedback and hope for some support on this, so that we can get a
>> public replacement for this method in Java 8. Let me know if you have any
>> questions.
>>
> You may need to check your https server as it doesn't look like it's possible
> to establish a SSL connection ("no common encryption algorithms" is one of
> the errors I see).
>
> Just to set expectations, you are proposing changes in an area that is very
> security sensitive. As your patches are not currently accessible then I can't
> say whether you have taken this into account or not. I bring it up because it
> will have an influence on what we do here. Your mail also mentions moving
> sun.reflect.CallerSensitive to java.lang but as I recall, this was an
> explicit non-goal of JEP 176. So I would suggest be prepared for changes to
> the proposal, also the potential to take time to get agreement on any new
> APIs. My comments are not meant in any way to discourage you, rather just to
> highlight that this is a sensitive area.
>
> -Alan
