<various snips> auditors pressed us to include the main (consolidated) application load library in LINKLIST. Their argument was that LINKLIST was a known commodity
I've been told that "user libraries" like this should never be in the linklist. when we migrated from VSE to z/OS in 2010 I was almost burned as a heretic for suggesting that user application libraries be placed in the linklist... </snips> One might say that it is never appropriate to put something like this into the LNKLST unless running with LNKAUTH=APFTAB, in the name of system integrity. Otherwise, when accessed through the LNKLST the modules are treated as APF-authorized, and the modules within such a library might well not have been "blessed" as conforming to the integrity requirements of such an environment. We almost always find integrity flaws in code that was written for an unauthorized environment that then gets moved unchanged (or at least unexamined) to an authorized environment. If an auditor "pressed", then (if not also insisting on LNKAUTH=APFTAB), that auditor most likely was wrong. Peter Relson z/OS Core Technology Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
