[PATCH FOR REVIEW] Allow OpenJDK to be built with the unlimited crypto policy (original) (raw)

Andrew Hughes gnu.andrew at redhat.com
Wed Sep 26 13:55:23 UTC 2012


----- Original Message -----

On 9/18/2012 7:39 AM, Andrew Hughes wrote: > The following simple webrev will achieve what I think is needed: > > http://cr.openjdk.java.net/~andrew/100062/webrev.01/ > > allowing OpenJDK to be built with the unlimited rather than limited > crypto policy in place. I got a chance to talk to Valerie, and what you've done looks good. I'm "wetmore" if you need a reviewer, and I think Kelly has looked at it too.

Thanks Brad.

> I just placed it within the OPENJDK ifdef so it > won't interfere with the proprietary build at all, as obviously I > can't test it Please leave your new code check within the "ifdef OPENJDK". Will you be putting this back yourself? If so let me know when you go in, and I can update the bug once you're in.

I will, though I'll need a bug ID for it. I presume tl is ok as the forest to use?

Mark wrote: > The summary is that it was just easier to remove unused classes > that > made the code tricky to understand for no good reason except for > some > secret proprietary code.

Unfortunately, Oracle and some of our commercial (non-OpenJDK) licensees still depend on that tricky code. :( I'd personally love to strip it all out, but we have to balance all of its consumers (Oracle SE and ME, commercial source/binary licensees, OpenJDK, etc.) Andrew wrote: > I'm sure it would be easy enough to dump those classes if Oracle > started producing OpenJDK binaries licensed under the GPL, rather > than binaries from their proprietary fork. Unfortunately, not likely in our current export/import climate.

Yes, this is what I thought. We just have to make sure to test well before shipping binaries.

Brad >

Andrew :)

Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com)

PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07



More information about the security-dev mailing list