On 02/11/2021 14:00, - wrote:
On a side note, will the actual removal of finalization become a
dependency of the actual removal of the security manager? I recall
when the security manager was deprecated for removal, developers
pointed out that there can be security risks with finalization in the
mailing list.
I suspect you may be thinking about classes that specify SM permission
checks in their constructors. If so then no SM means the permission
check doesn't do anything. If finalization is disabled or removed then
the specific attack isn't a concern. So I think independent for that
discussion, assuming this is what you mean.
-Alan
