logging-log4j-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Smith <psm...@aconex.com>
Subject Re: Fixing pluginDirectory
Date Wed, 30 Aug 2006 21:52:23 GMT
>
> If I may ask, why is this step necessary for using third-party
> plugins?  The warning that is popped up when this box is checked makes
> it clear that it isn't to be checked lightly.

Apache projects are not allowed to ship non-Apache jars as part of a  
distribution, unless the license for those 3rd party jars is  
compatible with the ASL, in at least one case for some receiver stuff  
the license is not compatible.  We are forced to ask you to download  
that yourself, and install it somewhere, in this case, the .plugins  
directory.

To throw a 2nd spanner in the works, Java Web Start classloading  
rules dictate that only classes loaded from the same classloader that  
loaded the Webstart app are valid (and need to be signed by the same  
certificate).  The only way around this was to disable the built-in  
security manager.    Since there is a slim possibility of 'rogue'  
code causing you problems if it was loaded we felt obligated to  
inform you of the potential problem.    The warning is probably  
written more on the scary side than necessary, but I felt that it  
would be better to err on the side of caution.  If you can suggest  
some better phrasing, we'll happily consider changing it.

You have some valid points about clarity of information (and  
quantity), which we will take on board.  I didn't think the error  
mentioned about the .plugin directory not being found would be  
'fatal' to you, Chainsaw should just keep on trucking (with the  
caveat that some of the Receiver types wouldn't be available).

cheers,

Paul Smith
Mime
View raw message