harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Ellison <t.p.elli...@gmail.com>
Subject Re: [classlib] Redistributing bouncy castle providers
Date Tue, 18 Sep 2007 11:52:19 GMT
Yuri Dolgov wrote:
> The JSSE provider is actually support IDEA based cipher suites, but it
> doesn't require IDEA implementation by default.

Yep, that is what I thought.

> Moreover, users should be aware if there is IDEA implementation as they
> could implicitly infringe the patent agreements.

Agreed.  We will not redistribute the IDEA impl, but if users want to go
and get the unmodified BouncyCastle JAR and use it (understanding the
terms under which they received it) then that is fine by us.

Regards,
Tim

> On 9/18/07, Tim Ellison <t.p.ellison@gmail.com> wrote:
>> There is a discussion over at the incubator general mailing list (e.g.
>> [1]), amongst other places, about the redistribution of BouncyCastle
>> code from ASF machines.
>>
>> The crux is that we can't redistribute BC's IDEA implementation as it is
>> subject to a known patent for which we don't have a grant/license.
>>
>> We'll have to change our current practice of publishing binaries that
>> include BC unmodified.  The resolution seems to be maintaining a local
>> copy of the BC JAR without the offending algorithm.  I expect we would
>> have to unsign the JAR too when modified.
>>
>> Do we have any dependencies upon IDEA?  I see some references in the
>> JSSE cipher suite code, but likely we don't attempt use it if we don't
>> have it.
>>
>> [1]
>>
>> http://mail-archives.apache.org/mod_mbox/incubator-general/200709.mbox/%3c46EC8EFF.3030201@rowe-clan.net%3e
>>
>> Regards,
>> Tim
>>
> 

Mime
View raw message