Thanks Rick! The new release note is a definite improvement, I appreciate the time you took to do that.
bryan On Tue, Jan 15, 2019 at 5:25 PM Rick Hillegas <rick.hille...@gmail.com> wrote: > > I have checked in a new version of the 10.15.1 release notes, > incorporating Bryan's feedback about the detailed note for DERBY-6945: > http://svn.apache.org/viewvc/db/derby/code/branches/10.15/RELEASE-NOTES.html?view=co > > Additional advice always welcome. > > Thanks, > -Rick > > On 1/13/19 9:51 AM, Bryan Pendleton wrote: > > Hi Rick, > > > > Here's a few thoughts about ways we could possibly improve the > > DERBY-6945 release note: > > > > 1) In the derbyshared.jar section, we could point out that > > derbyrun.jar now includes derbyshared.jar automatically, so if you use > > derbyrun.jar for your CLASSPATH, no changes are needed for > > derbyshard.jar (at least, that seems to be my experience). > > > > 2) I think we could make the security policy section of the release > > note more explicit. I suspect this is actually likely to be the > > trickiest part of the upgrade for existing Derby users, and the > > current release note doesn't really walk them through the important > > parts of the changes. Would it be fair to say something like: The > > principal changes to the security configuration are as follows: (1) > > the new derbyshared.jar codebase needs the appropriate permissions, as > > described in the Security guide (2) The package names and class names > > have changed from Derby 10.14, so existing policy files need to adjust > > the lines which mention Derby package and class names, as described in > > the Security guide, and (3) if you are running with a MODULEPATH, > > rather than a CLASSPATH, the jdk.module.path permissions must be in > > place, as described in the Secuirty guide. > > > > 3) And do they really need to review the entire Security guide? Or do > > they just have to look at > > db-derby-10.15.1.0-bin/docs/html/security/csecjavasecurity.html ? If > > that's the only really affected area, perhaps we could make the > > release note hyperlink go directly to that section in the Security > > guide, rather than to the top-level table of contents for the entire > > Security guide, which is a bit overwhelming. :) > > > > thanks, > > > > bryan > > >
