As far as Tuscany is concerned our dependency on BouncyCastle comes thro our use of Rampart 1.3. I just checked up the Rampart distros and it does have the bouncy castle jar packed in it - releases and snapshots (eg. http://people.apache.org/dist/rampart/nightly/rampart-SNAPSHOT.zip). Though this is an indirect dependency I know its impending on Tuscany to individually address legal implications. If there is something that Rampart has followed for this, then I'd like to know that to follow in Tuscany as well.
Thanks - Venkat On 9/16/07, James M Snell <[EMAIL PROTECTED]> wrote: > > I'll say "Generally Soft". There are a couple of classes that require > bouncy to compile, but their use is entirely optional. Two of the > classes are example code that is only shipped in source form -- we test > compile the examples before shipping them. The other classes are > optional utility classes that are shipped as part of the optional > security module. Other crypto providers can be used as an alternative > and it would literally only take a couple of minutes to remove the > compile-time dependency. > > - James > > William A. Rowe, Jr. wrote: > > James M Snell wrote: > >> Well, as far as Abdera is concerned, there'd be absolutely no problem > >> with not shipping the jar. We can easily document how to go off and > get > >> the jar and the functions we're using it for can be provided by other > >> crypto providers. If the board does not want us shipping it, just let > >> us know and I'll pull it out. > > > > Out of curiosity, is it a hard or soft dependency? > > > > And I'm still curious to know if bouncycastle has an unencumbered > alternate > > download without IDEA. > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
