Re: [External] : Re: JEP411: Missing use-case: Monitoring / restricting libraries

2021-05-20 Thread David Black
On Thu, 20 May 2021 at 21:27, Andrew Dinn wrote: > > On 18/05/2021 23:06, David Black wrote: > > I don't think that this thinking is unique but it might not be worth > > the "cost" to Oracle to maintain something that seemingly for various > > reasons Oracle

Re: [External] : Re: JEP411: Missing use-case: Monitoring / restricting libraries

2021-05-18 Thread David Black
On Tue, 18 May 2021 at 22:24, Ron Pressler wrote: > > > > On 18 May 2021, at 07:10, David Black wrote: > > > > > > I hope you aren't being rude on purpose by continuing to 1) top post > > and 2) not ignore various parts of my emails. > > > > Th

Re: JEP411: Missing use-case: Monitoring / restricting libraries

2021-05-18 Thread David Black
e made changes that mean that if you try to use a custom security manager in java 11 without referencing internal java classes you have a performance penalty - or how there are security related applet & other hangovers that hinder the use of the security manager in java applications). >

Re: JEP411: Missing use-case: Monitoring / restricting libraries

2021-05-17 Thread David Black
il subject. But I would appreciate it if you didn't top post to reply to my email as you have left out some concerns such as that Java 8 seemingly is still affected by https://bugs.openjdk.java.net/browse/JDK-8161016. > — Ron > > > On 17 May 2021, at 03:11, David Black wrote: > >

Re: JEP411: Missing use-case: Monitoring / restricting libraries

2021-05-16 Thread David Black
Hi Ron On Thu, 13 May 2021 at 20:22, Ron Pressler wrote: > > > > > On 13 May 2021, at 03:11, David Black wrote: > > > > > > This seems somewhat more useful than 1 & 2 but imho it would be better to > > be able to perform checks/grant access on a call

Re: JEP411: Missing use-case: Monitoring / restricting libraries

2021-05-12 Thread David Black
Hi, I hope it is okay if I provide another example/use case & view here. On Thu, 13 May 2021 at 07:49, Ron Pressler wrote: > > > > On 12 May 2021, at 22:41, Peter Tribble wrote: > > > > > > Let me give a concrete example: > > > > Parsing and rendering a PDF file that may contain references to

Re: New candidate JEP: 411: Deprecate the Security Manager for Removal

2021-04-18 Thread David Black
On Fri, 16 Apr 2021 at 04:05, wrote: > https://openjdk.java.net/jeps/411 > > Summary: Deprecate the Security Manager for removal in a future > release. The Security Manager dates from Java 1.0. It has not been the > primary means of securing client-side Java code for many years, and it >

Re: How does securely obtain and verify openjdk repositories as a non-contributor?

2018-09-21 Thread David Black
about how they obtain OpenJdk sources (https://github.com/AdoptOpenJDK/openjdk-build/issues/514). -- David Black / Security Engineer.

Re: RFR (12): 8191053: Provide a mechanism to make system's security manager immutable

2018-09-15 Thread David Black
> tests calling System.exit comes up periodically for example). As another data point, we are using a (custom) security manager to restrict access to certain cloud environment metadata resources. -- David Black / Security Engineer.

Re: RFR (12): 8191053: Provide a mechanism to make system's security manager immutable

2018-09-15 Thread David Black
n one is not can be surprising to some. * in some breaks usages of ParallelStream because InnocuousForkJoinWorkerThread can potentially be used (this is fairly easy to workaround) (also iirc the nio version can also be problematic). -- David Black / Security Engineer.

Re: How does securely obtain and verify openjdk repositories as a non-contributor?

2018-08-30 Thread David Black
Sorry - I meant for the subject of my prior email to be "How does one securely obtain and verify openjdk repositories as a non-contributor?"

How does securely obtain and verify openjdk repositories as a non-contributor?

2018-08-30 Thread David Black
ttps. As a result it appears to me that projects like AdoptOpenJDK have to insecurely obtain openjdk sources over http[0]. Thank you in advance. [0] https://github.com/AdoptOpenJDK/openjdk-build/blob/master/git-hg/update-without-modules.sh#L36 -- David Black / Security Engineer.

Re: The fix for JDK-806769 breaks some ldap usages.

2015-09-26 Thread David Black
id is JDK-8067695. > > On 9/24/15 10:46 PM, David Black wrote: > >> As I do not have an account on https://bugs.openjdk.java.net, yes I have >> submitted a standard oracle java bug report, I thought it might be of >> interest to those on this mailing list to forward information