I find this idea appealing because it places the burden of special declarations 
on a small number of developers (the framework developers) who can reasonably 
be expected to acquire the necessary expertise, rather than on the many 
developers of clients of the frameworks who have better things to do than to 
master a complex module system.

I also believe that the developers building or configuring applications should 
be able to do whatever they want, even at the risk of shooting themselves in 
the foot in a variety of ways. The need for emergency workarounds is not going 
away.

The security issue, I would imagine, is to make sure that the power given to 
builders and configurers is not accessible to rogue code at runtime. This gets 
back to the question (was it ever answered?) of identifying the security 
threats that the module system is trying to prevent. I have this intuitive fear 
that with the current module system Java will get much more complex but not 
actually more secure.

  Alan





> On Oct 14, 2016, at 2:39 AM, Oliver Gierke <ogie...@pivotal.io> wrote:
> 
> Hi,
> 
> I like the idea. Especially the aspect that it allows you to identify which 
> of the modules have privileged access at runtime.
> 
> Also I guess it might even allow only certain modules of e.g. Spring to 
> actually require that access, i.e. only the ones that perform bean 
> instantiation etc. Not sure about the breadth of that effect but at first 
> glance it sounds like it might be worthwhile fleshing out the details of your 
> suggestion (how do modules declare they want to be privileged ones? etc.)
> 
> Cheers,
> Ollie
> 
>> Am 14.10.2016 um 04:27 schrieb Nikita Lipsky <nlip...@excelsior-usa.com>:
>> 
>> Hi all,
>> 
>> 
>> 
>> Recently I have described an idea of "privileged module" --
>> http://mail.openjdk.java.net/pipermail/jigsaw-dev/2016-October/009636.ht
>> ml
>> <http://mail.openjdk.java.net/pipermail/jigsaw-dev/2016-October/009636.h
>> tml>  :
>> 
>> 
>> 
>> "privileged module" may reflect on any unexported (and exported) type of
>> other resolved modules of a layer that it belongs to.
>> 
>> DI/JPA frameworks are subjects for "privileged modules".
>> 
>> 
>> 
>> "Privileged module" moves responsibility of weakened strong
>> encapsulation from user modules (via weak module or dynamic export
>> concepts) to framework modules.
>> 
>> 
>> 
>> I would greatly appreciate if someone could give me any feedback on it.
>> 
>> 
>> 
>> Regards,
>> 
>> Nikita
>> 
>> 
> 
> --
> /**
> * @author Oliver Gierke - Senior Software Engineer
> *
> * @param email ogie...@pivotal.io
> * @param phone +49-151-50465477
> * @param fax   +49-351-418898439
> * @param skype einsdreizehn
> * @see http://www.olivergierke.de
> */
> 

Reply via email to