2009/8/28 Max (Weijun) Wang <weijun.w...@sun.com>: > > On Aug 27, 2009, at 9:52 PM, Andrew John Hughes wrote: > >> The problem is more the fact that it's an additional copy rather than >> using the system installation, which means it has to be patched for >> bugs and security fixes separately. For IcedTea, I'll look at >> providing and using the option of using the system NSS and will also >> submit this for review here if there is interest in providing such an >> option. > > Since Java security is already provider based, I guess you can simply write > one provider named NSS and remove all other security.provider.<n> lines in > jre/lib/security/java.security. > > Max > >
Sounds like the JDK6 solution :) I think the simpler fix is to just provide an option for the calls to the native code to use the system library rather than the included copy (some of the new files appear to be verbatim copies of files from NSS AFAICS). But I need to look at this in more detail. Thanks, -- Andrew :-) Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) Support Free Java! Contribute to GNU Classpath and the OpenJDK http://www.gnu.org/software/classpath http://openjdk.java.net PGP Key: 94EFD9D8 (http://subkeys.pgp.net) Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
