Hi Alan, > Adding support for POSIX file permissions to the zip APIs is problematic > as we've been discussing here. There are security concerns and also > concerns that how it interacts with JAR files and signed JAR in > particular. I don't disagree that we can come to agreement on zipfs > supporting a solution but I think we need to get the bigger picture on > where this is going first. If the piece to change the java.util.zip APIs > is dropped then it would make these discussions a lot simpler as it > removes most of the security issues from the table.
Yes, please consider changes to java.util.zip APIs as dropped. At least for the moment. I'm not saying I won't ever get back to that topic but maybe an enhancement of jdk.zipfs is already sufficient to provide the required Posix permission support for the Java platform. Best regards Christoph
