As part of preparing for modules in the future [1], we need to look at
configuration (and other) files in the JDK and see whether such files
could eventually move to module-private locations.
There are several files in ${java.home}/lib/security and I'm trying to
get a feel for how common it is for developers or customers to edit
them. The specification for java.security.Policy and
java.security.KeyStore define the name/location of java.security and we
need to decide whether these can be changed to non-normative references.
I know from discussion with Sean on jigsaw-dev and elsewhere that some
customers may change the preference order of providers but this is
something that needs to be re-examined anyway as part of deploying
security providers as service providers. I'm mostly interested in the
other settings at this time and whether it is common or not to change
them. Also the other files, including java.policy. I realize we might
not have actual data but as such files are in the JDK image then I could
imagine it being problematic when upgrading the JDK.
Thanks,
-Alan.
[1] http://openjdk.java.net/jeps/162
