Thanks for raising this topic and putting time into it.

IMO the most useful thing to add is a test taming protection mechanism that
ensures that tests don't write to places in the project that should be
read-only.  Basically, if "git" would flag a change, then the test is
at-fault.  This was a fantastic benefit of the security manager.  I've made
this mistake before and surely it happened before the SM was used in this
way: you write a test that uses one of the Solr home templates, but not
intending to actually write data there but it happens.  The insidious part
is then another test comes along and reads data that shouldn't be there.  I
started chatting with Gemini on a solution involving a Gradle plugin that
would run "git status" before & after.  I may explore that further.  If I
don't... ah well; whatever.  Move on.

I don't put much stock in the original / standard use of the
SecurityManager.  The burden of maintaining its configuration and
trade-offs has been annoying.  The very vast majority of the Java developer
world has ignored it, yet we embraced it.  Shrug.  If you haven't noticed,
there aren't a lot of developer/maintenance hours being put into Solr
lately, so let's not overthink a replacement or if there needs to be one in
any way.  13 days later, you get the only reply (mine) -- case in point.
Sorry for the sad dose of reality.

~ David

On Thu, May 22, 2025 at 6:01 AM Jan Høydahl <jan....@cominvent.com> wrote:

> Hi,
>
> Let's kick off a discussion on what protections we'd want to put in place
> when Java Security Manager is gone in Java 24.
>
> Since this is a major topic likely spanning many parts of Solr, I made a
> SIP-24 for it:
>
>
> https://cwiki.apache.org/confluence/display/SOLR/SIP-24%3A+Java+Security+Manager+replacemen
>
> I do not intend to "lead" this effort, but hoping that kick-starting this
> discussion will lead to at least a set of JIRA issues being created for
> concrete actions for the most important actions.
>
> Jan

Reply via email to