On 28/07/16 14:09, Stephen Colebourne wrote:
> No more packages would be exposed than with the current proposal. No
> more headache inducing problems would be created.

I think you must have misunderstood Dalibor to come to that second conclusion. A headache inducing problem that he clearly (to me at least) identified was the one where someone adds a package but omits to restrict it from being exported.

The need for analgesic relief stems from this default being risky in a way that the opposing default is not. Forgetting to export a new package cannot compromise the security of the deployment (even though it might indeed compromise its functionality). Forgetting to restrict access can pass unnoticed whilst granting access to clients with larcenous intent.

Now, you might wish to eschew (decline to chew) the aspirin and pooh pooh Dalibor's assessment that there is a /significant/ risk involved here. Suggesting that there is zero to balance against your suggested gains doesn't really stand up.

regards,

Andrew Dinn
-----------
Senior Principal Software Engineer
Red Hat UK Ltd
Registered in England and Wales under Company Registration No. 03798903
Directors: Michael Cunningham, Michael ("Mike") O'Neill, Eric Shander