Re: [GNU Crypto] JLDAP and Sasl - Shared code?

[Casey Marshall]

>>>>> "Matthew" == "Matthew Gregory <address@hidden>" <address@hidden> writes:

Matthew> I came across this issue while attempting to compile
Matthew> gnu-crypto.  I started getting errors saying that there was
Matthew> an undefined symbol in javax.security.Sasl but when checking
Matthew> the source the symbol was there.  Then I decided to search
Matthew> for a duplicate class in my classpath and indeed I found it.
Matthew> The duplicate class was in the jldap code.

Matthew> What's more, while examining the source for both classes it
Matthew> was self-evident that one class had been derived from the
Matthew> other.

Matthew> This isn't the way things are supposed to be done.  Either
Matthew> software is developed from scratch (not the case here) or
Matthew> software should credit the original source (also not the case
Matthew> here).

That's unnecessarily hostile.

We have a strict policy that all code contributed is the work of the
author, who consults only publicly available documentation covering
the API. We even require that contributors never even look at a
proprietary version of the API they are working on.

I've looked at both the version of the SASL API that we distribute,
and the one Novell distributes along with JLDAP. They have significant
differences, and I trust the contributor of this code completely to
not have taken code and re-attributed it. Even the documentation
comments differ significantly; what made you think that one was a copy
of the other?

If you mean that both define the same API, that is not an
accident. Both are implementations of JSR 28, which is a public
specification and is a part of the J2SE version 1.5.

Matthew> I have a questions and requests.

Matthew> 1.) Who is the author of this code?  Who is the maintainer?
Matthew> Who is responsible for updates?  I need these questions
Matthew> answered so that I can point to an authoritative source and
Matthew> so that the code has accountability.

Raif Naffah, raif -at- swiftdsl.com.au, was one of the original
authors, I believe, along with a colleague with whom he worked on some
SASL mechanisms.

I am the current maintainer of GNU Crypto, but must admit that my
schedule currently doesn't leave me enough time to work on it.

Matthew> 2.) Whoever is not the author or the maintainer needs to drop
Matthew> or merge their copy and the reference the other copy.  Or
Matthew> they need to fork the source and move it to a different
Matthew> package base.  It's pretty frigging hard to use two packages,
Matthew> both of which I need, when there isn't collaborative
Matthew> development.

Novell has apparently already moved their implementation from the
javax.security namespace to the com.novell namespace; comments in CVS
indicate that they did this to avoid conflicts with Java 5, which
includes the final version of the javax.security.sasl package.

The point of the javax.security.sasl package in GNU Crypto was to
provide this now-standard API to free Java class libraries and
runtimes; GNU Classpath, a full implementation of the entire J2SE API,
includes GNU Crypto's version. It is important (in my opinion, at
least) that the Free Software Foundation has under its copyright all
the files that compose its version of the J2SE API, written from
scratch, and we are certainly not going to simply dump our version
just because someone else wrote their own.

-- 
Casey Marshall || address@hidden