On Thursday 22 June 2006 08:36, Vivek Lakshmanan wrote: > Hi All, > A few of us have been discussing extracting the crypto components in > classpath as an external JCE provider especially for use with Java > 1.4.x based VMs (PR27649 for those looking for the whole story). This > will also help those trying to package classpath for distribution > under export restrictions since these jars can be excluded much more > easily than if they are integrated into the main classpath jar. > > What follows is a summary of what has been discussed so far. I feel > it would be best to see if there are any reservations about our > plans: > > 1) We are currently planning to produce a crypto provider jar > (gnu.java.security, gnu.javax.crypto and gnu.javax.security). > Currently there are some dependencies on 'gnu.classpath.debug'. One > suggestion was to produce a separate jar for this package. This > sounds reasonable to me but are there any objections? The other minor > dependencies on other classpath packages will be cleaned up. > > 2) We will extract a JCE jar with the javax.crypto classes. Most > 1.4.x vendors now include these, however, they check to see if the > provider is signed. This issue has been discussed earlier in various > contexts [1]. If we produce this jar, users can use our crypto > provider by placing the JCE jar in the endorsed directory of their > JRE for instance (if they desire to do so). > > 3) A Jessie jar would be extracted in a similar manner. > > 4) Code in these packages (especially the JCE provider packages) will > only use Java 1.4.x constructs for the time being so it can be used > with 1.4.x based JDKs (PR28127).
does anybody know of a free tool that can help detect usage of non-1.4 API in a package/jar? could the JAPI tool be used for this or as part of a solution? > All suggestions/comments are welcome. > Thanks, > Vivek > > > [1] http://lists.debian.org/debian-java/2005/10/msg00089.html TIA + cheers; rsn
pgpoN76APbCWy.pgp
Description: PGP signature
