On Wed, 17 Apr 2024 23:24:06 GMT, Joe Wang <jo...@openjdk.org> wrote:
> Add two sample configuration files: > > jaxp-strict.properties: used to set strict configuration, stricter than > jaxp.properties in previous versions such as JDK 22 > > jaxp-compat.properties: used to regain compatibility from any more > restricted configuration than previous versions such as JDK 22 Hi Joe, Overall this looks fine though we need to clarify more as to the differences between jaxp-compat.properties vs jaxp.properties and also make it clearer why anyone would use jaxp.strict.properties As part of the review, I would suggest that a Release Note is created which will hopefully clarify when to use which file. Also when we actually change the defaults in a JDK release to be the equivalent of jaxp-strict.properties, that this file can be removed? If so this should be documented in the Release Note and perhaps a comment in the properties file itself src/java.xml/share/conf/jaxp-compat.properties line 10: > 8: # configuration, properties that have more restrictive settings as in the > 9: # strict configuration (jaxp-strict.properties) are reversed back to their > 10: # defaults. In particular: I think the above needs some more word smithing as we have not articulated what a strict configuration is or how this differs from jaxp.properties src/java.xml/share/conf/jaxp-compat.properties line 16: > 14: # > 15: # This configuration file can be used to reverse back to a working > environment > 16: # prior to any more restrictive configuration that may have been applied. How does this differ from jaxp.properties for JDK 23? I can understand for when we move to secure by default, we just need to be clear on the purpose of each jaxp properties files ------------- PR Review: https://git.openjdk.org/jdk/pull/18831#pullrequestreview-2009160577 PR Review Comment: https://git.openjdk.org/jdk/pull/18831#discussion_r1570932404 PR Review Comment: https://git.openjdk.org/jdk/pull/18831#discussion_r1570934511