> On Jul 12, 2016, at 1:31 PM, Eric Johnson <e...@tibco.com> wrote:
> 
> What infuriates me is that in all this discussion, I don't see anyone talking 
> about a threat analysis. What are we trying to protect, from whom, and why? I 
> see comments about how implementation details of the JRE (such as "com.sun" 
> packages) must be hidden, but without reference to the threats that cause a 
> problem.

It’s primarily a maintenance issue, IMO. It is common that we provide classes 
and methods that are intended to be used from elsewhere inside a product, but 
which we do not want users to see. That is, it is much the same as the reason 
you use “private” for class internals - if everything is publicly accessible, 
people use it, and you cannot refactor your code without breaking theirs.




Reply via email to