Hi All,
A few of us have been discussing extracting the crypto components in
classpath as an external JCE provider especially for use with Java 1.4.x
based VMs (PR27649 for those looking for the whole story). This will
also help those trying to package classpath for distribution under
export restrictions since these jars can be excluded much more easily
than if they are integrated into the main classpath jar. 

What follows is a summary of what has been discussed so far. I feel it
would be best to see if there are any reservations about our plans:

1) We are currently planning to produce a crypto provider jar
(gnu.java.security, gnu.javax.crypto and gnu.javax.security). Currently
there are some dependencies on 'gnu.classpath.debug'. One suggestion was
to produce a separate jar for this package.  This sounds reasonable to
me but are there any objections? The other minor dependencies on other
classpath packages will be cleaned up.

2) We will extract a JCE jar with the javax.crypto classes. Most 1.4.x
vendors now include these, however, they check to see if the provider is
signed. This issue has been discussed earlier in various contexts [1].
If we produce this jar, users can use our crypto provider by placing the
JCE jar in the endorsed directory of their JRE for instance (if they
desire to do so). 

3) A Jessie jar would be extracted in a similar manner. 

4) Code in these packages (especially the JCE provider packages) will
only use Java 1.4.x constructs for the time being so it can be used with
1.4.x based JDKs (PR28127).

All suggestions/comments are welcome.
Thanks,
Vivek


[1] http://lists.debian.org/debian-java/2005/10/msg00089.html



Reply via email to