Ok, the thread re BC has gotten a bit confusing.
I thought the reason we needed to consider using a copy of the code is
because we need to create our own signed JAR. If this is incorrect,
please say something.
I think there are a few ways to do this (and please, suggest others...) :
1) Rewrite the whole thing (certainly not ideal - noting here for
completeness)
2) Get a copy of the BC source and put in our repository
3) "manufacture" our own signed JAR from their source JAR.
4) Other?
I'm uncomfortable w/ #3 because we're not really simply re-distributing
someone else's code (because we re-package) nor are we publishing
something with the standard ASF oversight. I'd like to avoid #1. Can
we do #2 and then keep refreshing whenever they do an update, with us
contributing to them if we find bugs?
Ideas?
geir
|