Dear Derby users,

The next feature release of Derby will close some security holes:

1) When authentication is turned on, only the owner of a database will be allowed to shut it down, encrypt it, and hard-upgrade it.

2) When you boot the network server as the VM's entry point, the server will attempt to install a security manager if you neglected to install one yourself.

These changes create some incompatibilities with the behavior of Derby 10.2. The incompatibilities are described at the end of the 10.3 release page:

http://wiki.apache.org/db-derby/DerbyTenThreeRelease

These incompatibilities will particularly affect the following users:

1) Those who forcibly shut down the database while running with authentication turned ON.

2) Those who boot the network server with authentication turned OFF.

The Release Notes for the next feature release will document these incompatibilities and their workarounds. Users may have to modify their applications after upgrading to the next feature release. We don't know how many users will be affected. However, it is likely that these incompatibilities will affect more users than the incompatibilities between release 10.1 and 10.2. Some people wonder whether the Release Notes, by themselves, will provide enough warning to the affected users. It has been suggested that:

i) we would successfully warn more users if we named the release 11.0 rather than 10.3

And it has been countered that:

ii) calling this release 11.0 will discourage adoption of what is basically a great, safe release

We wonder what the user community thinks. In particular:

A) Would calling this release 11.0 make it less likely that you would be blindsided by these incompatibilities?

B) Would calling this release 11.0 make it less likely that you would install this release?

Please let us know what you think.

Thanks,
-Rick

