We want it to be possible to extend packages, but only if you are a credentialed author--otherwise a malicious person can declare a class in the same package as stuff she wants to attack, and thus gain access to anything with package visibility. With java inner classes, this is particularly troubling. Java's class loader protects against this by isolating class loader instances, such that all the package internals for a given package com.foo are only visible if they are processed by the same loader. What if we did something where packages had public and private keys, and a package decided to allow someone to extend it?
We want it to be possible to extend packages, but only if you are a credentialed author--otherwise a malicious person can declare a class in the same package as stuff she wants to attack, and thus gain access to anything with package visibility. With java inner classes, this is particularly troubling. Java's class loader protects against this by isolating class loader instances, such that all the package internals for a given package com.foo are only visible if they are processed by the same loader. What if we did something where packages had public and private keys, and a package decided to allow someone to extend it?