On Thu, 21 Apr 2022 14:11:08 GMT, Alan Bateman <al...@openjdk.org> wrote:
>> I ran `codespell` on modules owned by the security team (`java.security.jgss
>> java.security.sasl java.smartcardio java.xml.crypto jdk.crypto.cryptoki
>> jdk.crypto.ec jdk.crypto.mscapi jdk.security.auth jdk.security.jgss`), and
>> accepted those changes where it indeed discovered real typos.
>>
>> I will update copyright years using a script before pushing (otherwise like
>> every second change would be a copyright update, making reviewing much
>> harder).
>>
>> The long term goal here is to make tooling support for running `codespell`.
>> The trouble with automating this is of course all false positives. But
>> before even trying to solve that issue, all true positives must be fixed.
>> Hence this PR.
>
> The folks on security-dev will know for sure but I assume that the changes to
> the imported Apache Santuario code should be dropped as it will make upgrades
> more complicated.

> @AlanBateman So there is even more 3rd party code in there? :-( I tried to
> ignore fixes for all files that I could identify as 3rd party. It's actually
> a bit annoying that we have imported source code thrown around like this in
> the source tree, so there is no clear boundary between code we own and code
> we import from someone else...

security-dev can say for sure but the only 3rd party code I see in this change
is in the src/java.xml.crypto/share/classes/com/sun/org/apache tree (the
package name gives a hint as it was re-packaged).

-------------

PR: https://git.openjdk.java.net/jdk/pull/8340