Hi, Roland, I have already noticed some confusion about the "commons-ssl" name - someone emailed httpclient-dev asking:
"Does this SSL support TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA?" I had to explain that Commons-SSL just sits on top of the JSSE and JCE to try and make working with SSL and Java easier. Your point about the name is a good one. Regarding the BouncyCastle code, I sent an email to the BouncyCastle mailing list. Here's the reply I got: On 11/28/06, David Hook wrote:
Thanks for the feedback! Cool. In regards: >Is there any way I can have ONLY these 100 lines and license it under > Apache 2.0? I would be more than happy to attribute it to you guys in > my NOTICE.txt file, as well as in comments in the code, and on my main > web page. If attribution is included we have no issue with the section of code being included in a product distributed under Apache 2.0. Regards, David
I hope that's sufficient to address the licensing concern. yours, Julius On 12/1/06, Roland Weber <[EMAIL PROTECTED]> wrote:
Hi Julius, it's great to see that you finally got the proposal ball rolling :-) I didn't look into your code, so my comments are based on the proposal itself and on your web page. I like the positive attitude with which you present the advantages of the project. However, I a missing a clear definition of the _project_scope_. That may seem like a small detail, but it really is a precondition for finding both an appropriate name and home for your code base. From your description, I understand that the purpose is - giving easy access to different types of key material and certificates - verifying certificates and certificate chains - bridging different Java APIs (?) The working title "Commons-SSL" does not really reflect this. Do you plan to implement the SSL protocol as part of the project? Probably not, so the title is misleading. An all-encompassing name might also be offensive to people working on other SSL-related projects. I think you should spend the time and define not only a motto, but a very clear scope of the project. Both in terms of what's in scope as well as what's out of scope. From there on, we can work on finding a name and home. Please do not underestimate the importance of this step. Finding a name may seem like a minor detail, but the problem of defining the scope is very real. Only a few months ago, there was a long discussion on this list about a proposal for "testing.apache.org". I haven't read anything about it anymore after the supporters realized that a scope of "everything that has to do with testing" was overly broad. We don't want to see that happen to your proposal. I am also a little worried about this statement on your web page: > The PKCS12 key derivation function (for some PKCS8 version 1.5 encrypted > keys) was cut & paste from BouncyCastle (bouncycastle.org). They > originally got it from RSA's PKCS12 specification > (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf), > so we hope this copy & paste operation is okay! The BouncyCastle license (http://bouncycastle.org/licence.html) is quite specific that the license must remain intact. You can not just relicense their code under the Apache License. That's assuming that the part you copied and pasted was not explicitly released with a different license. cheers, Roland --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- yours, Julius Davies 416-652-0183 http://juliusdavies.ca/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
