Crypto components as external JCE provider

On Thu, Jun 22, 2006 at 08:07:19PM +1000, Raif S. Naffah wrote:
> On Thursday 22 June 2006 08:36, Vivek Lakshmanan wrote:
> > Hi All,
> > A few of us have been discussing extracting the crypto components in
> > classpath as an external JCE provider especially for use with Java
> > 1.4.x based VMs (PR27649 for those looking for the whole story). This
> > will also help those trying to package classpath for distribution
> > under export restrictions since these jars can be excluded much more
> > easily than if they are integrated into the main classpath jar.
> >
> > What follows is a summary of what has been discussed so far. I feel
> > it would be best to see if there are any reservations about our
> > plans:
> >
> > 1) We are currently planning to produce a crypto provider jar
> > (gnu.java.security, gnu.javax.crypto and gnu.javax.security).
> > Currently there are some dependencies on 'gnu.classpath.debug'. One
> > suggestion was to produce a separate jar for this package.  This
> > sounds reasonable to me but are there any objections? The other minor
> > dependencies on other classpath packages will be cleaned up.
> >
> > 2) We will extract a JCE jar with the javax.crypto classes. Most
> > 1.4.x vendors now include these, however, they check to see if the
> > provider is signed. This issue has been discussed earlier in various
> > contexts [1]. If we produce this jar, users can use our crypto
> > provider by placing the JCE jar in the endorsed directory of their
> > JRE for instance (if they desire to do so).
> >
> > 3) A Jessie jar would be extracted in a similar manner.
> >
> > 4) Code in these packages (especially the JCE provider packages) will
> > only use Java 1.4.x constructs for the time being so it can be used
> > with 1.4.x based JDKs (PR28127).
> 
> does anybody know of a free tool that can help detect usage of non-1.4 
> API in a package/jar?  could the JAPI tool be used for this or as part 
> of a solution?

The Eclipse compiler and building with -source 1.4 I would say. JAPI
tools just check the class, method and field signatures, not the code.


Cheers,
Michael
-- 
http://www.worldforge.org/

