Konrad Windszus

Chrome removes CSP headers (https://chromium-review.googlesource.com/c/chromium/src/+/2176415) therefore it is very unlikely that setting CSP: sandbox on inline PDFs has any security impact (at least on Chrome)

For me it is not clear from the spec currently what one can expect. Regarding TCK I am not familiar with those so probably I won’t be able to come...

> why should it succeed in the second try? Because the exception may be recoverable > That it might be retried is either a side-effect or implementation specific I don't...

The state `FAILED_ACTIVATION` is depicted in neither https://docs.osgi.org/specification/osgi.cmpn/8.1.0/service.component.html#i1445265 nor https://docs.osgi.org/specification/osgi.cmpn/8.1.0/service.component.html#i1462979

I nowhere found any transitions explained from the FAILED_ACTIVATION state, still Felix SCR doesn't treat FAILED_ACTIVATION a final state, that calls for some clarification in the spec.

In most cases components are singleton and I don't care which instance I get, as long as I get one! So retry could also mean new instance, what matters is...

> and that's your wrong assumption here that anything is retired because of the failed activation. A 2nd/3rd/.... call of activate() would not happen in my singleton delayed component if...

I just tried with Apache Felix SCR (2.2.12) and this tries to activate both immediate and delayed components whenever their implemented services are requested. So for each `BundleContext.getService()` a new...

No, you have arbitrary line endings in the source and it should work with the same config to do `spotless:check` in Windows and Unix machines. PLATFORM_NATIVE only works if source...

I agree with all you said except for the case > file with both kinds of line endings In this case I would just throw an exception. This is IMHO...