You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@netbeans.apache.org by Eric Bresie <eb...@gmail.com> on 2021/05/15 15:53:18 UTC
Plans for Depreciation of Security Manager
Was reading a recent InfoQ article (1) that touched on JEP-411 deprivation of Security Manager which relates to deprivation/removal of Applet (3). The article links up with a Netbeans blog entry on this (4).
Sounds like Netbeans uses it more for monitoring than actual security matters so does this mean really this sort of monitoring will no longer be possible and just needs to be removed? Or does this mean it needs to be modified to leverage different APIs (Security Policy??)?
What is the plan for this?
Not sure if this is related but does this overlap with a ticket raised previously on some other Security related deprecations (5)?
Eric Bresie
Ebresie@gmail.com (mailto:Ebresie@gmail.com)
Reference:
(1) https://www.infoq.com/news/2021/04/java-security-vote/
(2) https://openjdk.java.net/jeps/411
(3) https://openjdk.java.net/jeps/ (https://openjdk.java.net/jeps/411)398/
(4) https://blogs.apache.org/netbeans/entry/jep-411-deprecate-the-security (https://blogs.apache.org/netbeans/entry/jep-411-deprecate-the-security)
(5) https://issues.apache.org/jira/browse/NETBEANS-5376 (https://issues.apache.org/jira/browse/NETBEANS-5376?filter=-2)
Re: Plans for Depreciation of Security Manager
Posted by Geertjan Wielenga <ge...@googlemail.com.INVALID>.
You could reach out directly to some of those I’ve forewarded to you.
Gj
On Wed, 26 May 2021 at 00:07, Geertjan Wielenga <
geertjan.wielenga@googlemail.com> wrote:
>
> There’s several threads on that topic on that mailing list, as well as on
> the #jeps Foojay Slack channel.
>
> Gj
>
> On Wed, 26 May 2021 at 00:06, Kenneth Fogel <kf...@dawsoncollege.qc.ca>
> wrote:
>
>> I did eventually find one objection to eliminating the Security Manager
>> but that was it.
>>
>> Ken
>>
>> -----Original Message-----
>> From: Kenneth Fogel <kf...@dawsoncollege.qc.ca>
>> Sent: May 25, 2021 6:01 PM
>> To: dev@netbeans.apache.org
>> Subject: RE: Plans for Depreciation of Security Manager
>>
>> When I brought this up on the JCP EC mailing list I was told to join the
>> https://mail.openjdk.java.net/mailman/listinfo/jdk-dev list, which I
>> did. I also looked at the archive for this list. With a deadline of this
>> Friday to comment on this proposal there have been no comments that are
>> shown to me. Should we not make a representation on this matter?
>>
>> Ken
>>
>>
>> -----Original Message-----
>> From: Jaroslav Tulach <ja...@gmail.com>
>> Sent: May 18, 2021 10:41 PM
>> To: Netbeans Developer List <de...@netbeans.apache.org>
>> Subject: Re: Plans for Depreciation of Security Manager
>>
>> Dne neděle 16. května 2021 17:34:39 CEST, Jaroslav Tulach napsal(a):
>> > However nobody has yet seen the implementation of JEP-411.
>>
>> The PR is https://github.com/openjdk/jdk/pull/4073
>>
>> > > What is the plan for this?
>> >
>> > Make a noise. Vote against release of any JDK that would prevent last
>> > few existing NetBeans releases to start/run.
>>
>> NetBeans doesn't run/start with the PR-4073.
>> -jt
>>
>> PS: Passing command line switches doesn't help. Nobody knows the
>> combination to make existing NetBeans IDE start.
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@netbeans.apache.org
>> For additional commands, e-mail: dev-help@netbeans.apache.org
>>
>> For further information about the NetBeans mailing lists, visit:
>> https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@netbeans.apache.org
>> For additional commands, e-mail: dev-help@netbeans.apache.org
>>
>> For further information about the NetBeans mailing lists, visit:
>> https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
>>
>>
>>
>>
Re: Plans for Depreciation of Security Manager
Posted by antonio <an...@vieiro.net>.
Also at infoq:
https://www.infoq.com/news/2021/06/openjdk-post-securitymanager/
Cheers,
Antonio
On 26/05/2021 0:07, Geertjan Wielenga wrote:
> There’s several threads on that topic on that mailing list, as well as on
> the #jeps Foojay Slack channel.
>
> Gj
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@netbeans.apache.org
For additional commands, e-mail: dev-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
Re: Plans for Depreciation of Security Manager
Posted by Geertjan Wielenga <ge...@googlemail.com.INVALID>.
There’s several threads on that topic on that mailing list, as well as on
the #jeps Foojay Slack channel.
Gj
On Wed, 26 May 2021 at 00:06, Kenneth Fogel <kf...@dawsoncollege.qc.ca>
wrote:
> I did eventually find one objection to eliminating the Security Manager
> but that was it.
>
> Ken
>
> -----Original Message-----
> From: Kenneth Fogel <kf...@dawsoncollege.qc.ca>
> Sent: May 25, 2021 6:01 PM
> To: dev@netbeans.apache.org
> Subject: RE: Plans for Depreciation of Security Manager
>
> When I brought this up on the JCP EC mailing list I was told to join the
> https://mail.openjdk.java.net/mailman/listinfo/jdk-dev list, which I did.
> I also looked at the archive for this list. With a deadline of this Friday
> to comment on this proposal there have been no comments that are shown to
> me. Should we not make a representation on this matter?
>
> Ken
>
>
> -----Original Message-----
> From: Jaroslav Tulach <ja...@gmail.com>
> Sent: May 18, 2021 10:41 PM
> To: Netbeans Developer List <de...@netbeans.apache.org>
> Subject: Re: Plans for Depreciation of Security Manager
>
> Dne neděle 16. května 2021 17:34:39 CEST, Jaroslav Tulach napsal(a):
> > However nobody has yet seen the implementation of JEP-411.
>
> The PR is https://github.com/openjdk/jdk/pull/4073
>
> > > What is the plan for this?
> >
> > Make a noise. Vote against release of any JDK that would prevent last
> > few existing NetBeans releases to start/run.
>
> NetBeans doesn't run/start with the PR-4073.
> -jt
>
> PS: Passing command line switches doesn't help. Nobody knows the
> combination to make existing NetBeans IDE start.
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@netbeans.apache.org
> For additional commands, e-mail: dev-help@netbeans.apache.org
>
> For further information about the NetBeans mailing lists, visit:
> https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@netbeans.apache.org
> For additional commands, e-mail: dev-help@netbeans.apache.org
>
> For further information about the NetBeans mailing lists, visit:
> https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
>
>
>
>
RE: Plans for Depreciation of Security Manager
Posted by Kenneth Fogel <kf...@dawsoncollege.qc.ca>.
I did eventually find one objection to eliminating the Security Manager but that was it.
Ken
-----Original Message-----
From: Kenneth Fogel <kf...@dawsoncollege.qc.ca>
Sent: May 25, 2021 6:01 PM
To: dev@netbeans.apache.org
Subject: RE: Plans for Depreciation of Security Manager
When I brought this up on the JCP EC mailing list I was told to join the https://mail.openjdk.java.net/mailman/listinfo/jdk-dev list, which I did. I also looked at the archive for this list. With a deadline of this Friday to comment on this proposal there have been no comments that are shown to me. Should we not make a representation on this matter?
Ken
-----Original Message-----
From: Jaroslav Tulach <ja...@gmail.com>
Sent: May 18, 2021 10:41 PM
To: Netbeans Developer List <de...@netbeans.apache.org>
Subject: Re: Plans for Depreciation of Security Manager
Dne neděle 16. května 2021 17:34:39 CEST, Jaroslav Tulach napsal(a):
> However nobody has yet seen the implementation of JEP-411.
The PR is https://github.com/openjdk/jdk/pull/4073
> > What is the plan for this?
>
> Make a noise. Vote against release of any JDK that would prevent last
> few existing NetBeans releases to start/run.
NetBeans doesn't run/start with the PR-4073.
-jt
PS: Passing command line switches doesn't help. Nobody knows the combination to make existing NetBeans IDE start.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@netbeans.apache.org
For additional commands, e-mail: dev-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@netbeans.apache.org
For additional commands, e-mail: dev-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
RE: Plans for Depreciation of Security Manager
Posted by Kenneth Fogel <kf...@dawsoncollege.qc.ca>.
When I brought this up on the JCP EC mailing list I was told to join the https://mail.openjdk.java.net/mailman/listinfo/jdk-dev list, which I did. I also looked at the archive for this list. With a deadline of this Friday to comment on this proposal there have been no comments that are shown to me. Should we not make a representation on this matter?
Ken
-----Original Message-----
From: Jaroslav Tulach <ja...@gmail.com>
Sent: May 18, 2021 10:41 PM
To: Netbeans Developer List <de...@netbeans.apache.org>
Subject: Re: Plans for Depreciation of Security Manager
Dne neděle 16. května 2021 17:34:39 CEST, Jaroslav Tulach napsal(a):
> However nobody has yet seen the implementation of JEP-411.
The PR is https://github.com/openjdk/jdk/pull/4073
> > What is the plan for this?
>
> Make a noise. Vote against release of any JDK that would prevent last
> few existing NetBeans releases to start/run.
NetBeans doesn't run/start with the PR-4073.
-jt
PS: Passing command line switches doesn't help. Nobody knows the combination to make existing NetBeans IDE start.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@netbeans.apache.org
For additional commands, e-mail: dev-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
Re: Plans for Depreciation of Security Manager
Posted by Jaroslav Tulach <ja...@gmail.com>.
Dne neděle 16. května 2021 17:34:39 CEST, Jaroslav Tulach napsal(a):
> However nobody has yet seen the implementation of JEP-411.
The PR is https://github.com/openjdk/jdk/pull/4073
> > What is the plan for this?
>
> Make a noise. Vote against release of any JDK that would prevent last few
> existing NetBeans releases to start/run.
NetBeans doesn't run/start with the PR-4073.
-jt
PS: Passing command line switches doesn't help. Nobody knows the combination
to make existing NetBeans IDE start.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@netbeans.apache.org
For additional commands, e-mail: dev-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
Re: Plans for Depreciation of Security Manager
Posted by Jaroslav Tulach <ja...@gmail.com>.
> Sounds like Netbeans uses it more for monitoring than actual security
> matters ...
The JEP-411 sounds scary. However nobody has yet seen the implementation of
JEP-411. Until that is available it is hard to estimate the amount of damage
JEP-411 is going to cause to NetBeans. The worst scenario is that no existing
Apache NetBeans 12.x version is about to start on JDK with JEP-411.
> What is the plan for this?
Make a noise. Vote against release of any JDK that would prevent last few
existing NetBeans releases to start/run. If that fails, stick with older JDK.
-jt
>
> Not sure if this is related but does this overlap with a ticket raised
> previously on some other Security related deprecations (5)?
>
> Eric Bresie
> Ebresie@gmail.com (mailto:Ebresie@gmail.com)
>
> Reference:
>
> (1) https://www.infoq.com/news/2021/04/java-security-vote/
> (2) https://openjdk.java.net/jeps/411
> (3) https://openjdk.java.net/jeps/ (https://openjdk.java.net/jeps/411)398/
> (4) https://blogs.apache.org/netbeans/entry/jep-411-deprecate-the-security
> (https://blogs.apache.org/netbeans/entry/jep-411-deprecate-the-security)
> (5) https://issues.apache.org/jira/browse/NETBEANS-5376
> (https://issues.apache.org/jira/browse/NETBEANS-5376?filter=-2)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@netbeans.apache.org
For additional commands, e-mail: dev-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists