On 17/06/2023 11:13 pm, Alan Bateman wrote:
On Tue, 13 Jun 2023 20:36:28 GMT, Anthony Scarpino <ascarp...@openjdk.org>
wrote:
This moves the SunEC JCE Provider (Elliptic Curve) into java.base. EC has
always been separate from the base module/pkg because of its dependence on a
native library. That library was removed in JDK 16.
The proposed changes look okay, meaning it should be okay to have the SunEC
provider in java.base. However, the motivation isn't clear as there isn't an
issue with JCE providers in java.base using native code. I know there were
non-technical issues with libsunec in the past but that would haven't prevent
the SunEC code form being compiled into java.base.
I assume the main implications of the change is that 3rd party JCE providers
signed with an EC certificate can now be deployed on the module path. Another
way to solve that issue is that delay verification of signed JARs until the
boot layer is created - if we did that, would you still want to move the SunEC
provider into java.base?
Curious, the provider mechanism provides a level of indirection, aka
service, a boundary or separation. How are module boundaries defined?
Regards,
Peter.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/14457#issuecomment-1595748679
