My situation requires me to support the Java Security Manager on Java 8 as well as on Java 11 and Java 17. We did finally decide to stop supporting the security manager if you are running on Java 21 for the products I am involved in. Regardless, I still need that code there to support the security manager when present.
Tom On Wed, Jul 24, 2024 at 11:25 AM Carsten Ziegeler <cziege...@apache.org> wrote: > You are not unique in that respect :) we'll have so support Java 8 for > some years as well. > > But java 8 / security manager removal are not necessarily the same thing > - we can continue to base our code on Java 8 - just not support the > security manager anymore. Not sure if that is an option for you? > > I totally agree that we should avoid branches, that creates too much > work without a real benefit. > > Regards > Carsten > > On 24.07.2024 14:47, Thomas Watson wrote: > > I may be in a unique position of having to support Java 8 until > > around October 2026. I suspect they will only make the methods no-ops > > (return null for getSecurityManager, do nothing on doPrivileged etc.) > until > > the extended support of Java 8 expires in 2030. I would not aggressively > > remove the optional usage of the security manager unless you have other > > needs to bump the minimum required execution environment of the bundle. > > For the few Felix bundles I am involved with I do not plan to update > their > > minimum execution environment for the main development branches beyond > Java > > 8 for the time being. If the community wants to be more aggressive there > > then I will have to resort to a branch to maintain the previous version > of > > the bundle to continue supporting Java 8. For things like SCR I will not > > look forward to having to double deliver fixes though ... > > > > Tom > > > > > > On Wed, Jul 24, 2024 at 7:14 AM Carsten Ziegeler <cziege...@apache.org> > > wrote: > > > >> Hi, > >> > >> java security manager has been deprecated with Java 17 and is in the "to > >> be removed" list (see [1]) > >> > >> We have (optional) usage of the security manager all over the place in > >> our code base. > >> > >> I'm wondering if it is time to remove that code now or do we wait until > >> it actually gets removed? Or...? > >> > >> [1] > >> > >> > https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/lang/System.html#getSecurityManager() > >> > >> Regards > >> Carsten > >> -- > >> Carsten Ziegeler > >> Adobe > >> cziege...@apache.org > >> > > > > -- > Carsten Ziegeler > Adobe > cziege...@apache.org >
