santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Mullan <Sean.Mul...@Sun.COM>
Subject Re: 1.4.2 beta2 release
Date Tue, 22 Apr 2008 15:12:40 GMT
Thanks for the comments and reviewing the docs!

jason marshall wrote:
> I'm a little troubled by the fact that after all this time, the
> download and install instructions still fail to mention the ten or so
> libraries you have to go find on your own in order to get the ant
> script to work.

The docs are still sorely in need of an update. Unfortunately, there are 
only 2 active committers (who also have regular jobs) working on the 
Java implementation, and bugs have taken priority. I tried to improve 
the docs a bit a while ago, but more work is needed. If you would like 
to contribute a section on installation, I would be glad to review it 
and incorporate it.

> Specifically:
> 
> The website doesn't mention them at all.  It says download the source
> zip and run ant.  Um, no, that won't work, you'll just get a compile
> error.

I've actually never downloaded the source bundle. If you need to build 
it, I would checkout the whole workspace with svn. This includes all the 
jars that are necessary. At least it should. But yes, I agree we need 
some docs that explain how to build from the source bundle.

> Alternatively, the INSTALL file still refers to XML-Sec 1.1, which
> would be a little offputting.  It then goes on to describe which
> libraries you'll need, but then doesn't mention what to call them.
> Now I can read build.xml files just fine, but are you assuming that
> understanding them is a prerequisite?
> 
> You fetch Bouncy Castle for people (which I don't think is entirely
> legal, is it?), but you don't fetch the others?  Why the dichotomy?
> Or to say it another way, why do you need to circumvent export on an
> export controlled library, when you're not exporting any other
> libraries?

I never really liked the BouncyCastle auto-download "feature". This was 
put in before I got involved in the project and frankly I think it was 
done because the providers shipped with the JDK didn't yet support all 
of the necessary algorithms for XML Signature. That has changed, so I 
think it is reasonable to remove this from the build.xml (or at least 
make it not the default behavior).

I'd love to have your help on improving the docs if you have the time. I 
may be able to fix some things in the near future, but doubt I will have 
the time to make all the improvements that are really necessary.

Thanks,
Sean

> 
> Thanks,
> Jason Marshall
> 
> 
> 
> 
> On Mon, Apr 14, 2008 at 12:01 PM, Sean Mullan <Sean.Mullan@sun.com> wrote:
>> Hi all,
>>
>>  I have uploaded a jar file for the 1.4.2 beta2 release. Please download
>>  it and test it and report any bugs or problems. In about 2 weeks, we
>>  will take a vote to see if we should have another beta release or if it
>>  is ready for a release candidate.
>>
>>  http://people.apache.org/~mullan/dist/xmlsec-1.4.2beta2.jar
>>
>>  Thanks!
>>  Sean
>>
> 
> 
> 


Mime
View raw message