I wrote: > At present there is only one > classloader that documents that it will do a package access > check, and that is the classloader returned by URLClassLoader.newInstance.
Bah! I can't even read straight this morning. According to the article the system classloader *does* perform this check - not that this seems to be documented anywhere. So Classpath probably should define a system class loader that does this too. That said, given the check only comes into play when a security manager is installed, and it may be avoided by a user-defined classloader, does this actually provide the protection that was desired? (And what exactly was the protection anyway?) David _______________________________________________ Classpath mailing list [EMAIL PROTECTED] http://lists.gnu.org/mailman/listinfo/classpath
