Hi, Casey Marshall wrote: > On Mar 9, 2006, at 1:35 PM, Philippe Laporte wrote: > >> Casey Marshall wrote: >> >>> On Mar 9, 2006, at 8:54 AM, Philippe Laporte wrote: >>> >>>> Does this library have (ie is in a perfect state) all the >>>> security and signing stuff that classpath lacks right now? How >>>> about the security audit? >>>> >>> >>> I don't understand (and have been largely ignoring this thread, so >>> I may have missed some context). >> >> >> >> Unfortunate. Despite some people think I'm ugly, you'll come to like >> me with time...give me a chance >> > > Not you in particular; I saw "sablevm" and "license" and that > discussion is always pointless. [you may skip this if you are from gcjwebplugin only] I spoke with Peter Mehlitz yesterday. He says it's been going since there was ever Java. I think you guys are wrong in thinking it is pointless. I will repeat myself as much as needed: when Nokia comes around they will want a clear story. I have sent the issue to the FSF. Please use any influcen you have to make Open Source Java great! Now for the VM question. I would very much like, and Peter seemingly agrees (now please don't go shooting at him here. He didn't agree to me citing him. I didn't ask. But I think this is fine. I think you all respect him to some extent), to see the number of Open Source VMs around decrease to around 5-6. What is the leading CLDC open-source VM where one can add proprietary software, link in extra code in whatever way he pleases, pay his hommage to the VM gods (loads of money also helps), and all happening harmoniously? And then the guy can sell the result to other big guys... What is wrong with that? Free software means the Freedom to not start from scratch when you change workplaces. The rest is all political. I propose that you look carefully into the Maemo/Nokia way of Open Source. Now, as to the appropriateness of this topic in this list. I think it is paying serious hommage to Classpath to talk about this here. I got a small pledge down below, and now I'll follow Etienne's advice, which is to take a break. > >>> What do you think is missing from Classpath's security >>> infrastructure? >> >> >> >> support for signed jars, I was told >> > > Nope. Classpath has had support for *verifying* signed jar files for > some time now; we do currently lack support for *creating* signed jar > files (i.e., we don't have a replacement for `jarsigner' yet) but I > think Raif said he would look into that. > > I kinda doubt Harmony has a `jarsigner' yet, unless they were able to > panhandle one from IBM or Intel. Good. Now we need verification in Knopflerfish R4 and it is not yet implemented. Is someone willing to join forces to implement it both in KF and in GCJWebplugin? Off for the weekend, Philippe
