Hi, Can you please create a JIRA on this and attach the changes as a patch to it. Please make sure you select the option : "Grant license to ASF for inclusion in ASF works ..."
Thanks, Ruchith On Tue, Apr 8, 2008 at 6:16 AM, George Stanchev <[EMAIL PROTECTED]> wrote: > Hi, > > Since you're starting to talk about cutting a new release, I decided to > throw this isssue in. I already raised this problem in an earlier > email.The Eclipse Foundation IP review rejected wss4j 1.5.latest for > aproval in its projects because of this file (found under > src\org\apache\ws\security\components\crypto) contains a comment: > > /* > * This source is a plain copy from bouncycastle software. > * Thus: > * Copyright (c) 2000 The Legion Of The Bouncy Castle > (http://www.bouncycastle.org) > */ > > Apparently there are some legal issues with BC - they are being sued > somewhere in Europe for inclusion of a patented algorithm and Eclipse > Legal wants to stay away from anything BC. They noted the ripoff code > comment and alarms started ringing. However that stops us of including > WSS4J in an Eclipse project I am commiter of and makes things > complicated for our users. > > Besides all that, the X509Tokenizer included in wss4j is very simple and > rudamentary and doesn't conform to RFC2253. In fact in X509 certs with > more complex DNs it would give incorrect results. > > So in light of all this, and with the fact that Apache XML-Security > 1.4.x already has a nice RFC2253 parser, can we replace the file in > question with the version assigned to this email? It uses the > XML-Security DN parser and just creates a wrapper with same WSS4J > interface already implemented and consumed now. I copied 2 utility > functions (trim() and countQuotes() from there locally and based the > constructor on the RFC2253Parser normalize() method (same logic). > Instead of lazily evaluating the DN, I construct an ArrayList with to > hold the tokenized OIDs). > > If a WSS4J commiter can take a look at it and people think its OK, I > will open a JIRA and attach the file to it. Please let me know, and if > we can fix this issue, it would be really nice. > > Thanks in advance, > > George Stanchev > > ********************************************************************** > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. > Any unauthorized review, use, disclosure or distribution is prohibited. If > you are not the intended recipient, please contact the sender by reply e-mail > and destroy all copies of the original message. > ********************************************************************** > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > -- http://blog.ruchith.org http://wso2.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
