
List:       openjdk-security-dev
Subject:    Re: JDK 14 RFR of JDK-8231368: Suppress warnings on non-serializable non-transient instance fields i
From:       Joe Darcy <joe.darcy () oracle ! com>
Date:       2019-10-08 22:36:22
Message-ID: 36128c55-19af-702e-3033-205a5e4dece7 () oracle ! com

Hi Sean,

Amended as requested before pushing; thanks,

-Joe

On 10/8/2019 2:12 PM, Sean Mullan wrote:
> I would change "asn1" to "ASN.1" in the comment as that is the more 
> common usage of the acronym, otherwise looks good.
>
> Thanks,
> Sean
>
> On 10/8/19 1:36 PM, Joe Darcy wrote:
>> PS And a revised webrev acting on comments from the JDK-8231262 to 
>> use a single class-level @SuppressWarnings when an alternative serial 
>> form is implicitly being used:
>>
>>          http://cr.openjdk.java.net/~darcy/8231368.1/
>>
>> Thanks,
>>
>> -Joe
>>
>> On 10/8/2019 10:11 AM, Joe Darcy wrote:
>>> Hi Sean,
>>>
>>> Returning to this review....
>>>
>>> On 9/26/2019 12:35 PM, Sean Mullan wrote:
>>>> - Krb5Context.java
>>>>
>>>> 1394                 @SuppressWarnings("serial") // Not statically typed as 
>>>> Serializable
>>>> 1395                 private final EncryptionKey key;
>>>>
>>>> EncryptionKey is Serializable (it derives from java.security.Key 
>>>> which is Serializable). I was wondering why we needed to suppress 
>>>> the warning here.
>>>
>>>
>>> Taking a closer look, the field in question is of type
>>>
>>>        sun.security.krb5.EncryptionKey
>>>
>>> which is *not* declared to be Serializable:
>>>
>>> public class EncryptionKey
>>>        implements Cloneable {
>>>
>>> In contrast, the javax.security.auth.kerberos.EncryptionKey class is 
>>> declared to be Serializable. Therefore, the @SuppressWarnings on the 
>>> field in the initial patch is needed.
>>>
>>> If the patch looks good, I'll get this pushed.
>>>
>>> Thanks,
>>>
>>> -Joe
>>>
>>>>
>>>> --Sean
>>>>
>>>> On 9/23/19 8:15 PM, Joe Darcy wrote:
>>>>> Hello,
>>>>>
>>>>> Another module, another review request as part of making serial 
>>>>> warnings more robust:
>>>>>
>>>>>          JDK-8231368: Suppress warnings on non-serializable 
>>>>> non-transient instance fields in java.security.jgss
>>>>>          http://cr.openjdk.java.net/~darcy/8231368.0/
>>>>>
>>>>> (Related earlier review 
>>>>> https://mail.openjdk.java.net/pipermail/security-dev/2019-September/020672.html.) 
>>>>>
>>>>>
>>>>> In this latest review, I included a comment in KRBError.java that 
>>>>> its writeObject method uses a different encoding scheme.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> -Joe
>>>>>
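
The two suppression styles discussed in this thread, shown as an added example that is not part of the original messages or the JDK patch. All class names (SerialFieldDemo, RawKey, DefaultForm, CustomForm), the 64-byte bound and the sample key are hypothetical; RawKey stands in for a key class that is Cloneable but not Serializable.

```java
import java.io.*;
import java.util.Arrays;

public class SerialFieldDemo {
    // Hypothetical stand-in for a key class that is Cloneable but not Serializable.
    static class RawKey implements Cloneable {
        final byte[] bytes;
        RawKey(byte[] b) { bytes = b.clone(); }
    }
    // Default serial form: the suppression hides the warning, not the run-time failure.
    static class DefaultForm implements Serializable {
        private static final long serialVersionUID = 1L;
        @SuppressWarnings("serial") // Not statically typed as Serializable
        private final RawKey key;
        DefaultForm(RawKey k) { key = k; }
    }
    // Alternative serial form: writeObject/readObject define the encoding, so a
    // single class-level suppression replaces per-field ones.
    @SuppressWarnings("serial")
    static class CustomForm implements Serializable {
        private static final long serialVersionUID = 1L;
        private RawKey key;
        CustomForm(RawKey k) { key = k; }
        private void writeObject(ObjectOutputStream out) throws IOException {
            out.writeObject(key.bytes.clone());
        }
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            byte[] b = (byte[]) in.readObject();
            // Validate stream data before rebuilding state (constructed bound).
            if (b == null || b.length == 0 || b.length > 64) throw new InvalidObjectException("bad key length");
            key = new RawKey(b);
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        RawKey k = new RawKey(new byte[] {1, 2, 3, 4}); // constructed sample key
        try { serialize(new DefaultForm(k)); }
        catch (NotSerializableException e) { System.out.println("default form failed: " + e.getMessage()); }
        byte[] data = serialize(new CustomForm(k));
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            CustomForm back = (CustomForm) in.readObject();
            System.out.println("custom form round trip ok: " + Arrays.equals(back.key.bytes, k.bytes));
        }
    }
}
```

A field-level suppression on a default-form class only documents the situation: serializing an instance with a non-null value in that field still throws NotSerializableException.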