Am 19.09.2011 23:07, schrieb Pedro Giffuni: > Hi Matias; > > On Mon, 19 Sep 2011 22:06:56 +0200, Mathias Bauer > <mathias_ba...@gmx.net> wrote: >> Am 18.09.2011 06:10, schrieb Pedro F. Giffuni: >> >>> Ugh ... nevermind, we already carry xmlsec ! >>> >>> I guess we have everything to get rid of nss but we are not using it >>> right? Apache Santuario is interesting though. >>> >>> Cheers, Pedro. >> >> The reason why we went for nss when we needed AES enryption was code >> quality. openssl was considered as badly maintained. >> >> Disclaimer: I just repeat what the engineer charged with the >> evaluation >> reported. I didn't carry out this evaluation by myself. >> > Thanks for the explanation. > > That might have been a valid reason then. The latest version is dated > from less than 2 weeks ago, so it looks pretty well maintained now :). > > Just a thought ... Perhaps we should try to make Apache OO *really* > Apache. I am now seeing so many nice things that other Apache projects > offer: Santuario, APR, pdfbox, Xerces/Xalan, Maven, etc. Just something > to consider (after 3.4).
Whatever external components are added: it should be avoided to use Java components for code that is loaded on startup or for loading "normal" documents. If possible, Java should be used only for optional components/features. Regards, Mathias
