db-derby-dev mailing list archives

From Daniel John Debrunner <...@apache.org>
Subject Re: Installing a SecurityManager by default when the server boots
Date Thu, 08 Nov 2007 21:11:33 GMT
Rick Hillegas wrote:

> Unfortunately, this change has proved painful to some users. See, for 
> instance, DERBY-3086 and the ongoing discussion on DERBY-3083.
> 
> Now that we have some experience with the 10.3 release,

I wonder how much that "some experience" is? Is there enough to make a 
judgment?

  - 10.3 has only been out for three months.

  - There have been 2 Jiras entered for three (3) people, of which 2 
were hitting a bug that can be (is being?) fixed.

  - I only found one issue related to the default security manager being 
raised on derby-user, are there more?

So do we believe that these users hitting problems represent 100% of the 
user base or is it 50%, 1%, 0.1% or 0.01%?

Say there are 1,000 downloads a month, and 25% use the network server 
without making security changes, that would mean that over 99% of the 
network server users are running without problems and now running with a 
more secure server (even if they don't realize it).

Even dropping to 10% of the users running the network server without 
security changes means that 98.5% of those users have seen no issues.

I hate to see us regress security based upon a couple of issues if 
it's working ok (and is an improvement) for the majority.

Dan.





