On Mon, 19 Sep 2011 16:42:22 -0500, Pedro Giffuni
<giffu...@tutopia.com> wrote:
On Mon, 19 Sep 2011 23:34:22 +0200, Mathias Bauer
<mathias_ba...@gmx.net> wrote:
...
Just a thought ... Perhaps we should try to make Apache OO
*really*
Apache. I am now seeing so many nice things that other Apache
projects
offer: Santuario, APR, pdfbox, Xerces/Xalan, Maven, etc. Just
something
to consider (after 3.4).
Whatever external components are added: it should be avoided to use
Java
components for code that is loaded on startup or for loading
"normal"
documents. If possible, Java should be used only for optional
components/features.
Except for pdfbox, all the Apache conponents I mentioned are
available
in C/C++ versions.
(I was on my way out so I left this sort of half answered)
The issue here is xmlsec as we have it now depends on nss and openssl.
Apache Santuario has xml-security-c which only depends on openssl (and
Xerces-c3).
The Apache way would be to use Santuario, but that is probably more
work
than finding out why we are not using xmlsec + openssl. In both cases
we should also update OpenSSL for security reasons.
Pedro.
