Hi Alan, all, I'd welcome a discussion, for sure. Unfortunately there hasn't been so much participation in this yet. I think this is an item where it's hard to have a clear opinion and where it's difficult to oversee all implications it might have.
Who'd be willing to have a look from security perspective? Thanks & Best regards Christoph From: Alan Bateman <alan.bate...@oracle.com> Sent: Montag, 5. November 2018 11:23 To: Langer, Christoph <christoph.lan...@sap.com>; core-libs-dev <core-libs-...@openjdk.java.net>; security-dev@openjdk.java.net; Xueming Shen <xueming.s...@oracle.com> Cc: Volker Simonis <volker.simo...@gmail.com>; nio-dev <nio-...@openjdk.java.net> Subject: Re: RFR 8213031: (zipfs) Add support for POSIX file permissions On 05/11/2018 07:32, Langer, Christoph wrote: Hi, Ping. May I get reviews/substantial feedback on this zipfs enhancement? It might be bit early to be asking for a code review on just one piece of this. I think the first step on this feature has to be to put all the issues on the table. There are several discussion points around ZIP vs. JAR, the impact on signed JARs, carrying permissions without a file owner, and the impact on tools. I also think that there will need to be discussion on security-dev as some of these issues around this feature have security concerns. -Alan