harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mikhail Loenko <mloe...@gmail.com>
Subject Re: [classlib] bouncy castle
Date Mon, 13 Feb 2006 16:44:31 GMT
IMHO
1) Might make sense for the second release :)

2) The only problem I see here - BC contains classes that are not necessary
for us. So, our repository will contain redundant files

3) It might be manufacturing our own UNsigned JAR from their JAR. If we do not
modify sources in #2 then I do not see big legal difference. Though I'm not an
expert in the legal area.

4.1) extract sources required to verify signature in the main BC JAR and
redistribute BC.JAR as is
4.2) develop sources required to verify signature in the main BC JAR and
redistribute BC.JAR as is
4.3) #2 but take only necessary classes

If #3 is not legally pure, then I'd prefer #2

Thanks,
Mikhail

On 2/13/06, Geir Magnusson Jr <geir@pobox.com> wrote:
> Ok, the thread re BC has gotten a bit confusing.
>
> I thought the reason we needed to consider using a copy of the code is
> because we need to create our own signed JAR.  If this is incorrect,
> please say something.
>
> I think there are a few ways to do this (and please, suggest others...) :
>
> 1) Rewrite the whole thing (certainly not ideal - noting here for
> completeness)
>
> 2) Get a copy of the BC source and put in our repository
>
> 3) "manufacture" our own signed JAR from their source JAR.
>
> 4) Other?
>
>
> I'm uncomfortable w/ #3 because we're not really simply re-distributing
> someone else's code (because we re-package) nor are we publishing
> something with the standard ASF oversight.  I'd like to avoid #1.  Can
> we do #2 and then keep refreshing whenever they do an update, with us
> contributing to them if we find bugs?
>
> Ideas?
>
> geir
>
>
>

Mime
View raw message