Bug#330467: SSL (JSSE) already provided by j2re1.4+

Julien Wajsberg felash at gmail.com
Fri Sep 30 23:43:57 UTC 2005


On 01/10/05, Arnaud Vandyck <avdyk at debian.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Julien Wajsberg wrote:
> > On 28/09/05, Arnaud Vandyck <avdyk at debian.org> wrote:
> >
> >>>Tomcat actually needs a JDK and not a JRE.
> >
> > It already depends on a jdk. I suggested an _additional_ and
> > _conditionnal_ dependency, not one that would replace the existing
> > dependencies.
>
> I don't understand why a conditional dependency on jessie. Jessie could
> be installed along with jdk1.4 and provides better security!

I didn't know that it would provide better security :)

>
> >>>I believe the addition of
> >>>the libjessie-java dependency is part of moving Tomcat 4 to main;
> >>>Wolfgang and Arnaud can best answer that.  Since the Sun JRE/JDK is
> >>>never an asuumption for anything moved to main, dependencies will
> >>>seldom reflect a Sun-centric perspective.
> >
> > I believe I used the "or" operator for the dependencies. That's why I
> > don't think that the dependencies I suggested would prevent tomcat4
> > from going to main. (But i'm maybe wrong on that though).
>
> If jdk is a dependency, tomcat4 will not go to main.

ok.

>
> > Maybe the best idea would be a "jsse" virtual package: libjessie-java
> > would provide it, as would other packages like ones generated by
> > java-package.
>
> No, jessie is a javax.net security provider, as saxon, gnujaxp, xerces
> are xml parsers. You can choose the one you want. I don't know why you
> don't wanna have jessie in your system.

Just because I thought it was useless for me because Sun JRE already
provides this functionnality. And I don't see the point in having an
useless library on my system, even if it's free.

But I admit it was much more a concern before, when it depended on classpath ;)

Let's close definitely this bug, sorry for bugging you...

--
Julien




More information about the pkg-java-maintainers mailing list