Hi Julius, it's great to see that you finally got the proposal ball rolling :-)
I didn't look into your code, so my comments are based on the proposal itself and on your web page. I like the positive attitude with which you present the advantages of the project. However, I a missing a clear definition of the _project_scope_. That may seem like a small detail, but it really is a precondition for finding both an appropriate name and home for your code base. >From your description, I understand that the purpose is - giving easy access to different types of key material and certificates - verifying certificates and certificate chains - bridging different Java APIs (?) The working title "Commons-SSL" does not really reflect this. Do you plan to implement the SSL protocol as part of the project? Probably not, so the title is misleading. An all-encompassing name might also be offensive to people working on other SSL-related projects. I think you should spend the time and define not only a motto, but a very clear scope of the project. Both in terms of what's in scope as well as what's out of scope. From there on, we can work on finding a name and home. Please do not underestimate the importance of this step. Finding a name may seem like a minor detail, but the problem of defining the scope is very real. Only a few months ago, there was a long discussion on this list about a proposal for "testing.apache.org". I haven't read anything about it anymore after the supporters realized that a scope of "everything that has to do with testing" was overly broad. We don't want to see that happen to your proposal. I am also a little worried about this statement on your web page: > The PKCS12 key derivation function (for some PKCS8 version 1.5 encrypted > keys) was cut & paste from BouncyCastle (bouncycastle.org). They > originally got it from RSA's PKCS12 specification > (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf), > so we hope this copy & paste operation is okay! The BouncyCastle license (http://bouncycastle.org/licence.html) is quite specific that the license must remain intact. You can not just relicense their code under the Apache License. That's assuming that the part you copied and pasted was not explicitly released with a different license. cheers, Roland --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
