Hi All, A few of us have been discussing extracting the crypto components in classpath as an external JCE provider especially for use with Java 1.4.x based VMs (PR27649 for those looking for the whole story). This will also help those trying to package classpath for distribution under export restrictions since these jars can be excluded much more easily than if they are integrated into the main classpath jar. What follows is a summary of what has been discussed so far. I feel it would be best to see if there are any reservations about our plans: 1) We are currently planning to produce a crypto provider jar (gnu.java.security, gnu.javax.crypto and gnu.javax.security). Currently there are some dependencies on 'gnu.classpath.debug'. One suggestion was to produce a separate jar for this package. This sounds reasonable to me but are there any objections? The other minor dependencies on other classpath packages will be cleaned up. 2) We will extract a JCE jar with the javax.crypto classes. Most 1.4.x vendors now include these, however, they check to see if the provider is signed. This issue has been discussed earlier in various contexts [1]. If we produce this jar, users can use our crypto provider by placing the JCE jar in the endorsed directory of their JRE for instance (if they desire to do so). 3) A Jessie jar would be extracted in a similar manner. 4) Code in these packages (especially the JCE provider packages) will only use Java 1.4.x constructs for the time being so it can be used with 1.4.x based JDKs (PR28127). All suggestions/comments are welcome. Thanks, Vivek [1] http://lists.debian.org/debian-java/2005/10/msg00089.html
