Ugh, you're right. Please accept my appology. I really did try not to be hostile about anything but it had been a long day and this event was just one more thing on top keeping me from finishing what I was working on.
No matter how often I tell myself to wait and cover all the bases (such as reading the SASL spec... duh) I still find myself doing this on occasion.
After crossing out everything covered in the spec (like variable names, statics, etc... ) the code was sufficiently different to shoot down my initial reaction.
Again, please forgive the hasty email.
-> (not the case here) ... <author slaps self... repeatedly>
-Matt
On Thu, 28 Apr 2005, Casey Marshall wrote:
"Matthew" == "Matthew Gregory <[EMAIL PROTECTED]>" <[EMAIL PROTECTED]> writes:
Matthew> I came across this issue while attempting to compile Matthew> gnu-crypto. I started getting errors saying that there was Matthew> an undefined symbol in javax.security.Sasl but when checking Matthew> the source the symbol was there. Then I decided to search Matthew> for a duplicate class in my classpath and indeed I found it. Matthew> The duplicate class was in the jldap code.
Matthew> What's more, while examining the source for both classes it Matthew> was self-evident that one class had been derived from the Matthew> other.
Matthew> This isn't the way things are supposed to be done. Either Matthew> software is developed from scratch (not the case here) or Matthew> software should credit the original source (also not the case Matthew> here).
That's unnecessarily hostile.
We have a strict policy that all code contributed is the work of the author, who consults only publicly available documentation covering the API. We even require that contributors never even look at a proprietary version of the API they are working on.
I've looked at both the version of the SASL API that we distribute, and the one Novell distributes along with JLDAP. They have significant differences, and I trust the contributor of this code completely to not have taken code and re-attributed it. Even the documentation comments differ significantly; what made you think that one was a copy of the other?
If you mean that both define the same API, that is not an accident. Both are implementations of JSR 28, which is a public specification and is a part of the J2SE version 1.5.
Matthew> I have a questions and requests.
Matthew> 1.) Who is the author of this code? Who is the maintainer? Matthew> Who is responsible for updates? I need these questions Matthew> answered so that I can point to an authoritative source and Matthew> so that the code has accountability.
Raif Naffah, raif -at- swiftdsl.com.au, was one of the original authors, I believe, along with a colleague with whom he worked on some SASL mechanisms.
I am the current maintainer of GNU Crypto, but must admit that my schedule currently doesn't leave me enough time to work on it.
Matthew> 2.) Whoever is not the author or the maintainer needs to drop Matthew> or merge their copy and the reference the other copy. Or Matthew> they need to fork the source and move it to a different Matthew> package base. It's pretty frigging hard to use two packages, Matthew> both of which I need, when there isn't collaborative Matthew> development.
Novell has apparently already moved their implementation from the javax.security namespace to the com.novell namespace; comments in CVS indicate that they did this to avoid conflicts with Java 5, which includes the final version of the javax.security.sasl package.
The point of the javax.security.sasl package in GNU Crypto was to provide this now-standard API to free Java class libraries and runtimes; GNU Classpath, a full implementation of the entire J2SE API, includes GNU Crypto's version. It is important (in my opinion, at least) that the Free Software Foundation has under its copyright all the files that compose its version of the J2SE API, written from scratch, and we are certainly not going to simply dump our version just because someone else wrote their own.
-- Casey Marshall || [EMAIL PROTECTED]
Matthew Gregory Sr @ [EMAIL PROTECTED] && [EMAIL PROTECTED] 1107 Crooked Oak Dr. Lenoir City, TN 37771
OpenPGP (gpg) public key at http://www.skyleach.com/skyleach-public-keys/
homepage: http://www.skyleach.com
_______________________________________________ gnu-crypto-discuss mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnu-crypto-discuss
