[
https://issues.apache.org/jira/browse/XALANJ-2635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17732690#comment-17732690
]
Joe Kesselman commented on XALANJ-2635:
---------------------------------------
(Sorry to have to ask, but after almost four decades in the biz I've learned
that, like security, when it comes to legalisms paranoia may not be enough.)
> Remove JLex.jar from the source repository
> ------------------------------------------
>
> Key: XALANJ-2635
> URL: https://issues.apache.org/jira/browse/XALANJ-2635
> Project: XalanJ2
> Issue Type: Task
> Security Level: No security risk; visible to anyone(Ordinary problems in
> Xalan projects. Anybody can view the issue.)
> Components: XSLTC
> Reporter: Vladimir Sitnikov
> Assignee: Gary D. Gregory
> Priority: Major
>
> https://github.com/apache/xalan-java/tree/master/tools contains JLex.jar
> which is a binary file, and its provenance is unknown.
> The ASF rules forbid compiled including compiled code to the source
> repository (see
> https://lists.apache.org/thread/otx07h6vbjrsqd9r9sqpcpjscvjwtmfc), and in
> this case, there's no real need to have JLex.jar in the source repository.
> At the same time, the generated
> {{xalan-java/src/org/apache/xalan/xsltc/compiler/XPathLexer.java}} should be
> removed from the source control.
> I suggest that JLex.jar should be removed and it should be replaced with
> something else.
> For instance, the source code of JLex could be added as a separate subfolder,
> and xalan could compile JLex from sources.
> It looks like the official distribution is not maintained:
> https://www.cs.princeton.edu/~appel/modern/java/JLex/
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
