Hi Alex,
This seems to resolve most of the Alan's concerns.
Though, I'm not sure if we can treat users that deploy and use agents as
developers.
Otherwise, we may want to tweak the last sentence a little bit:
"Developers or administrators that deploy agents, deploy applications
that
package an agent with the application, or anyone using a tools that
loads agents into a
running application, are responsible for verifying the trustworthiness
of each
agent including the content and structure of the agent JAR file.
But let's wait for Alan's opinion.
Thanks,
Serguei
On 5/12/20 12:57, Alex Menkov wrote:
Hi Alan, Serguei,
lets try one more time :)
What about:
Agents can transform classes in arbitrary ways at load time, transform
modules, or transform the bytecode of methods of already loaded classes.
Developers or administrators that deploy agents, deploy applications that
package an agent with the application, or use tools that load agents
into a
running application, are responsible for verifying the trustworthiness
of each
agent including the content and structure of the agent JAR file.
please let me know what do you thinks, I'll prepare & publish new
webrev as soon as we get agreement about the paragraph.
--alex
On 05/12/2020 00:59, Alan Bateman wrote:
On 11/05/2020 22:14, Alex Menkov wrote:
Updated webrev:
http://cr.openjdk.java.net/~amenkov/jdk15/java_instrument_spec/webrev.2/
--alex
This doesn't work for me because it drops the important point that
the developer/admin is also responsible when deploying an agent that
packages an agent with the application. Also anyone using a tool that
loads agents into a running VM has responsibility too. So I think
these points need to be included.
-Alan.
