On 26/09/2014 16:45, Christopher Schultz wrote:

>> +1 for commit.
> 
> Are you up for back-porting this to Tomcat 7?

Hmm. Not sure at this point. I'd like to give it some time to settle in
to 8.0.x first.

> I noticed that you
> committed to trunk in smaller pieces rather than a single commit. Was
> that to make it easier to back-out certain items if necessary?

More so folks could see how the solution evolved.

> Finally, I'd like to write an implementation for bcrypt which is quite
> popular, but we have already discussed not wanting to have a build-time
> dependency on anything we don't absolutely need (a policy with which I
> totally agree).

Can you point me to that discussion (where no doubt I will have taken
completely the opposite position to the one I am about to take)?

Build time dependencies don't bother me as long as:
- they are required for release (so we don't break things)
- they are optional for other build targets (so folks can still build a
working instance without them)

So I'd be +1 for BcryptCredentialHandler that shipped with Tomcat but
required the user to manually add one or more JARs to make it work.

> Where would be the best place to put a bcrypt implementation? Source
> code on the wiki? There's the possibility of writing an implementation
> using reflection, but that prospect is quite horrifying to me. :)

I'm leaning towards "in the source tree" but if you wanted to put it
somewhere else, the wiki is as good as anywhere.

Mark

