On 30.05.2017 16:21, Remi Forax wrote: [...]
the big monolithic module is a good transition solution, I've done that with Aether to get access to Maven Central inside a fully modularized project, but it's like with automatic modules, it's just a temporary solution that you can use in your application and not something you can do if you want to publish a library.
I see it more as an intermediate solution... and like it is with solutions like that, it will be the final solution for a long time. Maybe I would go with two flavors for the modules. One is the big monolith, the other is after a jar has been freed from the split package problem. In that case your project can depend on the small module, which will transitively depend on the shrunken monolith. This allows the project a transition phase of undetermined length and shows it is still future proof. One could even consider using a bytecode rewriting tool and let the monolith use the old package names.
Probably because nobody really cared about how easily the Java platform can be exploited. Well, I dare to say that we have been especially bad here. Not that any of the exploits I know the specifics about would not be working anymore in JDK9... sorry, I digress.
Of course if you are in a situation like we are, then all this will not help, because we have split package problems with third party projects. Our own fault, really, yes... but the split package problem is not something many people have been aware of, it seems. Especially since in our case it was really only a namespace question, not a question about access rights at all.
bye Jochen
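
A check for the split package problem discussed in this thread, as an added example that is not part of the original message or of any project mentioned in it: it lists the packages in each JAR and reports every package that occurs in more than one. The JAR names and the `org.example` / `com.vendor` packages are constructed sample data, and only `.class` entries are counted as making up a package.

```python
import io
import zipfile
from collections import defaultdict


def make_jar(class_names):
    """Build an in-memory JAR (a zip archive) holding empty .class entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        for name in class_names:
            jar.writestr(name.replace(".", "/") + ".class", b"")
    buf.seek(0)
    return buf


def packages_in(jar_file):
    """Return the set of named packages that contain at least one class."""
    pkgs = set()
    with zipfile.ZipFile(jar_file) as jar:
        for entry in jar.namelist():
            # Ignore resources and anything under META-INF (multi-release copies).
            if not entry.endswith(".class") or entry.startswith("META-INF/"):
                continue
            directory, _, _simple = entry.rpartition("/")
            if not directory:  # unnamed package, also covers module-info.class
                continue
            pkgs.add(directory.replace("/", "."))
    return pkgs


def split_packages(jars):
    """Map each package found in more than one JAR to the JARs that contain it."""
    owners = defaultdict(set)
    for jar_name, jar_file in jars.items():
        for pkg in packages_in(jar_file):
            owners[pkg].add(jar_name)
    return {p: sorted(names) for p, names in owners.items() if len(names) > 1}


def sample_jars():
    """Constructed sample: a project JAR and a third-party JAR share a package."""
    return {
        "core.jar": make_jar(["org.example.core.Engine", "org.example.util.Strings"]),
        "xml.jar": make_jar(["org.example.xml.Parser"]),
        "thirdparty.jar": make_jar(["org.example.util.Files", "com.vendor.Api"]),
    }


if __name__ == "__main__":
    for pkg, names in split_packages(sample_jars()).items():
        print(f"split package {pkg}: {', '.join(names)}")
```

To run it against real artifacts, pass file paths instead of the in-memory buffers, since `zipfile.ZipFile` accepts both.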