[very much RFC][icedtea-web] fix for [Bug 564] NetX depends on sun.misc.BASE64Encoder

Jiri Vanek jvanek at redhat.com
Mon Oct 17 03:41:56 PDT 2011 

On 10/11/2011 07:08 PM, Deepak Bhole wrote:
> * Omair Majid<omajid at redhat.com>  [2011-10-07 13:01]:
>> On 10/07/2011 12:09 PM, Jiri Vanek wrote:
>>> Only drawback of copypasting this explicit code is that we lost possible
>>> updates from third party (where is it much more used then in icedtea-web)
>>
>> Actually, I am against copying code into icedtea-web. Not only do we
>> lose the benefit from updates, if any security issues are discovered
>> in the code (not that sun.misc.BASE64Encoder is likely to have
>> many), we will have to update the code in icedtea-web as well. To be
>> safe, that would mean that we look every security update for openjdk
>> and double check that the code we copied into icedtea-web is not
>> affected by the fix.
>>
>> I think https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Why_no_Bundled_Libraries
>> gives many more reasons why copying code ("bundling") into
>> icedtea-web may be a bad idea.
>>
>> Still, if others think it is fine to copy a small (and rather safe)
>> piece of code into icedtea-web, then please don't let me stop you.
>>
>
> True. My response was specific to Base64Encoder only though. Since 2009,
> there have been no security updates to that file:
> http://hg.openjdk.java.net/jdk6/jdk6-gate/jdk/log/b139627f7bc3/src/share/classes/sun/misc/BASE64Encoder.java
>
> It doesn't seem like the kind that would have too many (if any). Given
> that, I felt copying might be more viable here.
>
> Cheers,
> Deepak

2011-10-17  Jiri Vanek <jvanek at redhat.com>	
	
	PR564: NetX depends on sun.misc.BASE64Encoder
	* configure.ac: removed IT564 comment, removed check for sun.misc.BASE64Encoder
	* netx/net/sourceforge/jnlp/security/CertificateUtils.java : sun.misc.BASE64Encoder;
	replaced (just changed import) by internal implementation from
	net.sourceforge.jnlp.util.replacements.BASE64Encoder;
	* netx/net/sourceforge/jnlp/util/replacements/BASE64Encoder.java:
	* netx/net/sourceforge/jnlp/util/replacements/CharacterEncoder.java:
	New files, internal implementation of BASE64Encoder,  copied from OpenJDK
	* tests/netx/unit/net/sourceforge/jnlp/util/replacements/BASE64EncoderTest.java
	New file, t test internal base64encoder implementation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: coopiedBAse64Encoder.diff
Type: text/x-patch
Size: 25031 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20111017/61344b2d/coopiedBAse64Encoder.diff

More information about the distro-pkg-dev mailing list