On 6/16/17 11:13 AM, Mandy Chung wrote:
On Jun 16, 2017, at 8:00 AM, Sean Mullan <[email protected]> wrote:
Please review this clarification to the SecurityManager::checkPackageAccess
method to note that the method may be called by the Virtual Machine when
loading classes:
http://cr.openjdk.java.net/~mullan/webrevs/8181295/webrev.00/
A small correction was also made to the checkPackageDefinition method to note
that it may be called by the defineClass (and not the loadClass) method of
class loaders.
checkPackageDefinition is always a question for me and it’s not called in the
JDK implementation. Is there any test verifying that (i.e. called from
defineClass)?
I’m okay to change “is” to “may” in checkPackageDefinition in this patch. I
can’t validate this spec change. I suggest to separate this from JDK-8181295
and follow up in a future release.
Ok, that's fine. Instead of changing the wording, I would prefer to
revert the change to checkPackageDefinition and file a new issue to
address that separately in a subsequent release as it is not as critical
and not specifically related to this issue.
Thanks,
Sean
