I have checked in a new version of the 10.15.1 release notes,
incorporating Bryan's feedback about the detailed note for DERBY-6945:
http://svn.apache.org/viewvc/db/derby/code/branches/10.15/RELEASE-NOTES.html?view=co
Additional advice always welcome.
Thanks,
-Rick
On 1/13/19 9:51 AM, Bryan Pendleton wrote:
Hi Rick,
Here's a few thoughts about ways we could possibly improve the
DERBY-6945 release note:
1) In the derbyshared.jar section, we could point out that
derbyrun.jar now includes derbyshared.jar automatically, so if you use
derbyrun.jar for your CLASSPATH, no changes are needed for
derbyshard.jar (at least, that seems to be my experience).
2) I think we could make the security policy section of the release
note more explicit. I suspect this is actually likely to be the
trickiest part of the upgrade for existing Derby users, and the
current release note doesn't really walk them through the important
parts of the changes. Would it be fair to say something like: The
principal changes to the security configuration are as follows: (1)
the new derbyshared.jar codebase needs the appropriate permissions, as
described in the Security guide (2) The package names and class names
have changed from Derby 10.14, so existing policy files need to adjust
the lines which mention Derby package and class names, as described in
the Security guide, and (3) if you are running with a MODULEPATH,
rather than a CLASSPATH, the jdk.module.path permissions must be in
place, as described in the Secuirty guide.
3) And do they really need to review the entire Security guide? Or do
they just have to look at
db-derby-10.15.1.0-bin/docs/html/security/csecjavasecurity.html ? If
that's the only really affected area, perhaps we could make the
release note hyperlink go directly to that section in the Security
guide, rather than to the top-level table of contents for the entire
Security guide, which is a bit overwhelming. :)
thanks,
bryan
