[Bug 521983] New package for Dogtag PKI: osutil

bugzilla at redhat.com bugzilla at redhat.com
Tue Sep 15 21:19:58 UTC 2009 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=521983


Matthew Harmsen <mharmsen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mharmsen at redhat.com




--- Comment #6 from Matthew Harmsen <mharmsen at redhat.com>  2009-09-15 17:19:56 EDT ---
The referenced packaging guideline appears to mandate a source code change
without any particular security or performance rationale.

As this cross-platform code must run on both 32-bit and 64-bit platforms on
multiple architectures, and has been successfully utilized on a number of
different JVM versions from multiple vendors over the course of the past
decade, upstream does not accept this change without a more sound security or
performance rationale.

Additionally, the packaging logic follows the example of a closely related
existing Fedora JNI library package called JSS (e. g. - from a machine running
32-bit Fedora 11):

# rpm -qlv jss
-rw-r--r--    1 root    root                   681931 Aug 21 01:34
/usr/lib/java/jss4-4.2.6.jar
lrwxrwxrwx    1 root    root                       14 Aug 21 01:34
/usr/lib/java/jss4.jar -> jss4-4.2.6.jar
-rwxr-xr-x    1 root    root                   176840 Aug 21 01:34
/usr/lib/libjss4.so
drwxr-xr-x    2 root    root                        0 Aug 21 01:34
/usr/share/doc/jss-4.2.6
-rw-r--r--    1 root    root                    25755 Dec 14  2008
/usr/share/doc/jss-4.2.6/MPL-1.1.txt
-rw-r--r--    1 root    root                    17987 Dec 14  2008
/usr/share/doc/jss-4.2.6/gpl.txt
-rw-r--r--    1 root    root                     4680 Apr 25  2004
/usr/share/doc/jss-4.2.6/jss.html
-rw-r--r--    1 root    root                    26436 Dec 14  2008
/usr/share/doc/jss-4.2.6/lgpl.txt

However, in an effort to obtain more detailed information in this area, I am
cc'ing Andrew Haley of the Open JDK community for any known
security/performance issues regarding the use of "System.loadLibrary()" versus
"System.load()".

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the Fedora-package-review mailing list