Where production policy belongs: building Eliya in public
fahimfarookm · 2026-06-27 · via HN's home page
Eliya is an OpenJDK 25 LTS distribution for regulated / compliance-conscious production. One argument behind it is that some production and compliance policy can only be implemented inside the JVM, not by a wrapper around it. Example: PCI DSS 3.5.1 requires a PAN to be unreadable at rest, but a heap dump writes live card numbers to disk in cleartext. Disable dumps and you lose the forensics. Redacting the dump as the stream is written, inside HotSpot, is the only solution that doesn't trade one risk for another, and you can't compose it from existing flags.
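To make "redacting as the stream is written" concrete, here is an added sketch (not Eliya's or HotSpot's code) of a chunked redactor that masks card numbers even when one straddles two writes. It assumes PANs appear as runs of 13 to 19 ASCII digits that pass the Luhn check and that a same-length `X` overwrite is acceptable; all names and the sample bytes are hypothetical.

```python
import re

# A maximal run of 13-19 ASCII digits (PAN length range), not part of a longer run.
PAN_RUN = re.compile(rb"(?<![0-9])[0-9]{13,19}(?![0-9])")
HOLD = 20  # one more than the longest PAN: enough to know a run is too long


def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum over ASCII digits, used to cut false positives."""
    total = 0
    for i, byte in enumerate(reversed(digits)):
        n = byte - 0x30
        if i % 2 == 1:
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0


def _mask(match):
    run = match.group(0)
    # Same-length overwrite so record lengths and offsets in the dump stay valid.
    return b"X" * len(run) if luhn_ok(run) else run


def redact_stream(chunks):
    """Yield the byte stream with Luhn-valid PAN candidates overwritten."""
    tail = b""
    for chunk in chunks:
        buf = tail + chunk
        # Hold back the trailing digit run: it may continue in the next chunk.
        cut = len(buf)
        while cut > 0 and buf[cut - 1:cut].isdigit():
            cut -= 1
        cut = max(cut, len(buf) - HOLD)  # bound memory on very long digit runs
        yield PAN_RUN.sub(_mask, buf)[:cut]
        tail = buf[cut:]
    yield PAN_RUN.sub(_mask, tail)


def redact_bytes(data: bytes, chunk_size: int) -> bytes:
    """Feed data in fixed-size chunks, as a buffered dump writer would."""
    pieces = (data[i:i + chunk_size] for i in range(0, len(data), chunk_size))
    return b"".join(redact_stream(pieces))


# Constructed sample, not a real dump: one Luhn-valid test PAN, one invalid run.
SAMPLE = b"\x01\x00cardNumber=4111111111111111\x00orderId=4111111111111112\x00"

if __name__ == "__main__":
    print(redact_bytes(SAMPLE, 7))
```

Strings held as two bytes per character would need a second pattern over the UTF-16 encoding; this sketch covers only the one-byte-per-digit case.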