This is an interesting issue. The nut is that data in any key-8 CSA area cannot be trusted by anything (technically), as anything could have corrupted it. There are techniques for validating what's there, but once you do that, you've obviated any reason for having it in the first place.
On the other hand, assuming your system has some decent level of control, presumably the risk of the area being corrupted is relatively low. IMHO, I'd say the previous option to ban it or not was good enough. It allows customers to choose the risk they want to tolerate. So, I'm not sure why IBM is going to all this trouble to ban it, then unban it a little bit. As far as authorized code getting tricked into doing something wrong, well, the bottom line is you run authorized code at your own risk. IBM only guarantees *their* authorized code works correctly, and that unauthorized code can't damage the system. Maybe they wouldn't state it that baldly, but that's how I see it. Speaking of auditors, losing the source to a mission-critical system (and one that has authorized code) is probably a significant "finding" or whatever they call it. Upgrading z/OS seems much like polishing the pianos on the Titanic after it hit the iceberg. Of course, it's not my dog. sas sas ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
