On 2013-11-06 19:50, Brian Carlstrom wrote: > On Wed, Nov 6, 2013 at 10:37 AM, Anders Rundgren > <[email protected]> wrote: >> It would be awfully nice if the bouncastle library made it into the public >> API one day. > > That isn't possible because the BouncyCastle API is not stable, it can > change from release to release. This isn't a bad thing, it just is. > > We made the mistake of making Apache HTTP client a part of the public > API and now we can't upgrade it because they made incompatible API > changes.
There are many aspects on limiting the public API: - Memory is wasted because every other app needs to bring their own ports of various libraries - Google gets a huge advantage over third-party developers. The public API for dealing with the AndroidKeyStore seems pretty crippled. Although I don't know the implications, I think you should start looking into modularization like exists in .NET where you indeed can simultaneously target multiple incarnations of subsystems. This would be particularly suited for external contributions like HTTP Client and BC. The DLL-hell still lives on :-| Cheers, Anders > > -bri > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
