[PATCH FOR REVIEW] Allow OpenJDK to be built with the unlimited crypto policy

Andrew Hughes gnu.andrew at redhat.com
Wed Sep 26 13:55:23 UTC 2012



----- Original Message -----
> 
> 
> On 9/18/2012 7:39 AM, Andrew Hughes wrote:
> > The following simple webrev will achieve what I think is needed:
> >
> > http://cr.openjdk.java.net/~andrew/100062/webrev.01/
> >
> > allowing OpenJDK to be built with the unlimited rather than limited
> > crypto policy in place.
> 
> I got a chance to talk to Valerie, and what you've done looks good.
>  I'm
> "wetmore" if you need a reviewer, and I think Kelly has looked at it
> too.

Thanks Brad.

> 
>  > I just placed it within the OPENJDK ifdef so it
>  > won't interfere with the proprietary build at all, as obviously I
>  > can't test it
> 
> Please leave your new code check within the "ifdef OPENJDK".
> 
> Will you be putting this back yourself?  If so let me know when you
> go
> in, and I can update the bug once you're in.
> 

I will, though I'll need a bug ID for it.  I presume tl is ok as the
forest to use?

> Mark wrote:
>  > The summary is that it was just easier to remove unused classes
>  > that
>  > made the code tricky to understand for no good reason except for
>  > some
>  > secret proprietary code.
> 
> Unfortunately, Oracle and some of our commercial (non-OpenJDK)
> licensees
> still depend on that tricky code.  :(  I'd personally love to strip
> it
> all out, but we have to balance all of its consumers (Oracle SE and
> ME,
> commercial source/binary licensees, OpenJDK, etc.)
> 
> Andrew wrote:
>  > I'm sure it would be easy enough to dump those classes if Oracle
>  > started producing OpenJDK binaries licensed under the GPL, rather
>  > than binaries from their proprietary fork.
> 
> Unfortunately, not likely in our current export/import climate.
> 

Yes, this is what I thought.  We just have to make sure to test well
before shipping binaries.

> Brad
> 
> 

-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07




More information about the security-dev mailing list