On Wed, 15 Apr 2026 08:48:04 GMT, Severin Gehwolf <[email protected]> wrote:
>>> > In a jmod-less JDK, we can propagate the `java.security` changes by >>> > passing `--ignore-modified-runtime` to `jlink`, getting a warning (expand >>> > to see an example). >>> >>> Interesting - this option seems to be undocumented and not mentioned in JEP >>> 493. Is there a reason? >> >> Yes, as you say it's not recommended to use this option. It should stay that >> way. Since it was not clear what kind of post-processing JDK vendors do >> ahead of the JEP it's been a useful option. > > So far the proposal to support includes seems a reasonable compromise: > > > --security-properties > props=<filename>:include=/etc/crypto-policies/back-ends/java.config I've been thinking more about this. The `include` option as specified above always adds the `include` statement as the last line of the `java.security` file. An equivalent way to support this would to be allow the `include` statement to be specified in the property file of the `props` option, but always add it at the end of the `java.security` file, thus making the `include` option unnecessary. This would simplify the syntax and implementation. Thoughts? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/30635#discussion_r3190230470
