Yay, now I get to chime in with my non-legal background :-) > -----Original Message----- > From: Michael Gentry [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 22, 2007 11:18 AM > To: [email protected] > Subject: Re: podling BIS notifications (jars in svn & crypto) > > I don't think I'm missing your point (at least I'm trying not to). > I'm just arguing that if having an extension point in a > product in which an end-user can write their own code > separate of Apache (in our case, retrieving the DB password, > but really any extension point), in which the end-uesr can > incorporate encryption -- and thus require the BIS/etc, then > that opens a huge can of worms for a lot of projects (like > Ant).
Michael, I think I agreed with you when the thread started. I believe the point you're trying to make is that an end-user can incorporate encryption with any interface, particularly those just passing strings back and forth. After thinking about it a bit more though, I think the key difference is that your interface is ostensibly designed for the encryption of data. Between the method names and the salt argument, it'd be hard to argue it any other way. Whereas, at least where the other interfaces are concerned, the burden of proof is on someone else. If that truly be the case, then there may be no can of worms . . . -- Kevin
