> > General to all code developed and/or exported from the USA that > > contains any crypto code. Adding S/MIME support to JAMES > created the problem. > > Well the problem is not the S/MIME code itself, as it merely > leverages on the BouncyCastle api for the crypto-routines. > The fact that we bundle BouncyCastle is actually the real problem. > > Why not have users download BC themselves (like with JavaMail > and JAF), this would avoid the BXA issues. > > This is also the approach chosen by "Apache XML Security", > see bottom of this > page: > http://xml.apache.org/security/Java/installation.html
For source distribution we can automate the downloading process but what about binary distributions? We currently need bc* jars in the .sar file: I know it is a simple zip file, but many people could find this difficult. We should also find a solution for GPL/LGPL mysql drivers: AFAIK we should not have GPL/LGPL code committed in ASF repositories. I think we should remove the bundled mysql driver and put a link to the download in the config.xml. Stefano --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
