Kathey Marsden wrote:
Rick Hillegas wrote:
The system privileges work (DERBY-2109) will introduce a compatibility
issue for 10.4.
Thank you Rick for bringing up this issue.
1) If the customer has written their own security policy file (the
usual and recommended situation), then the customer will need to add
some extra permissions to that policy file.
The need to change the policy file at the end user site is one of the
most disruptive upgrade requirements and I feel will discourage or cause
problems with upgrade, so I think should be done incrementally. Perhaps
we could have a strong warning for 10.4 and then make the policy file
change a requirement for 10.5. Of course one could argue that delaying
the pain would just mean more users are likely to be hit, so it will
be interesting to see what the feedback from others is.
Can you elaborate on why having to change the policy file is more disruptive
than most other (incompatible) changes introduced in new versions?
This will only affect users who are using a non-default policy file, and I think
(hope) most of those users are used to tweaking it and will be able to accept
this change, as long as we document clearly how to do it. Besides, I believe it
is possible to reload the security policy while the VM is running, which allows
users to fine-tune their policies quite easily.
My 2 cents: Do this for 10.4...
- but it would of course be interesting to hear from someone who actually may
be affected by this change in a production scenario.
--
John
