Also I noticed that you still have the afore mentioned comment in question in the file you attached ... we can safely take it off right? :-)
Thanks, Ruchith On Tue, Apr 8, 2008 at 10:05 AM, Ruchith Fernando <[EMAIL PROTECTED]> wrote: > Hi, > > Can you please create a JIRA on this and attach the changes as a patch to it. > Please make sure you select the option : "Grant license to ASF for > inclusion in ASF works ..." > > Thanks, > Ruchith > > > > On Tue, Apr 8, 2008 at 6:16 AM, George Stanchev <[EMAIL PROTECTED]> wrote: > > Hi, > > > > Since you're starting to talk about cutting a new release, I decided to > > throw this isssue in. I already raised this problem in an earlier > > email.The Eclipse Foundation IP review rejected wss4j 1.5.latest for > > aproval in its projects because of this file (found under > > src\org\apache\ws\security\components\crypto) contains a comment: > > > > /* > > * This source is a plain copy from bouncycastle software. > > * Thus: > > * Copyright (c) 2000 The Legion Of The Bouncy Castle > > (http://www.bouncycastle.org) > > */ > > > > Apparently there are some legal issues with BC - they are being sued > > somewhere in Europe for inclusion of a patented algorithm and Eclipse > > Legal wants to stay away from anything BC. They noted the ripoff code > > comment and alarms started ringing. However that stops us of including > > WSS4J in an Eclipse project I am commiter of and makes things > > complicated for our users. > > > > Besides all that, the X509Tokenizer included in wss4j is very simple and > > rudamentary and doesn't conform to RFC2253. In fact in X509 certs with > > more complex DNs it would give incorrect results. > > > > So in light of all this, and with the fact that Apache XML-Security > > 1.4.x already has a nice RFC2253 parser, can we replace the file in > > question with the version assigned to this email? It uses the > > XML-Security DN parser and just creates a wrapper with same WSS4J > > interface already implemented and consumed now. I copied 2 utility > > functions (trim() and countQuotes() from there locally and based the > > constructor on the RFC2253Parser normalize() method (same logic). > > Instead of lazily evaluating the DN, I construct an ArrayList with to > > hold the tokenized OIDs). > > > > If a WSS4J commiter can take a look at it and people think its OK, I > > will open a JIRA and attach the file to it. Please let me know, and if > > we can fix this issue, it would be really nice. > > > > Thanks in advance, > > > > George Stanchev > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they are > addressed. Any unauthorized review, use, disclosure or distribution is > prohibited. If you are not the intended recipient, please contact the sender > by reply e-mail and destroy all copies of the original message. > > ********************************************************************** > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > -- > http://blog.ruchith.org > http://wso2.org > -- http://blog.ruchith.org http://wso2.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
