Ubuntu
bouncycastle package

new libitext-java source needs libbcprov-java promoted to main

Bug #309411 reported by Chris Cheney
4
Affects Status Importance Assigned to Milestone
bouncycastle (Ubuntu)
Fix Released
High
Steve Langasek
Ubuntu ubuntu-9.04
Jaunty
Fix Released
High
Steve Langasek
Ubuntu ubuntu-9.04

Bug Description

Binary package hint: libitext-java

It was brought to my attention by Onkar Shinde that the new version of libitext-java source is now in Ubuntu but can't build due to needing libbcprov-java.

https://wiki.ubuntu.com/MainInclusionReportBouncyCastle

See original description
Revision history for this message
Martin Pitt (pitti) wrote :

Needs MIR (crypto/security relevant, needs maintainer), and conversion to default-jdk. Thanks!

Alternatively, we could build our libitext without bouncycastle support.

Changed in bouncycastle:
status: New → Incomplete
Steve Langasek (vorlon)
description: updated
Revision history for this message
Steve Langasek (vorlon) wrote :

MIR filed and linked from the bug description.

Changed in bouncycastle (Ubuntu Jaunty):
status: Incomplete → New
Revision history for this message
Steve Langasek (vorlon) wrote :

Marked high, this should be resolved for release. From what I can see, the latest upstream version if libitext-java exposes classes in its API that are derived from bouncycastle classes, so it's not possible to reasonably exclude bouncycastle from main without reverting libitext-java to a previous upstream version.

Changed in bouncycastle (Ubuntu Jaunty):
importance: Undecided → High
Steve Langasek (vorlon)
Changed in bouncycastle (Ubuntu Jaunty):
milestone: none → ubuntu-9.04
Revision history for this message
Kees Cook (kees) wrote :

Adding this to main would continue the proliferation of duplicated crypto code. Among other things, BC has implementations of TLS, x509, OpenPGP, and ASN.1 parsing. It links against none of the common system libraries for performing these tasks, and the build does not even run its own test suite. I am unhappy promoting this to main just to support PDF generation via libitext-java.

In other news, bouncycastle was embedded in the old libitext-java code (seelibitext-java-1.4.5/com/lowagie/bc/*), so there is technically no greater support overhead by including it. If, while making the other changes needed ("conversion to default-jdk"), the testsuite was also enabled in the build, I would approve this going into main.

Changed in bouncycastle (Ubuntu Jaunty):
status: New → Incomplete
Steve Langasek (vorlon)
Changed in bouncycastle (Ubuntu Jaunty):
assignee: nobody → vorlon
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bouncycastle - 1.39-2ubuntu1

---------------
bouncycastle (1.39-2ubuntu1) jaunty; urgency=low

  * Enable the testsuite at build time. LP: #309411.
  * debian/patches/01_build.patch: fix wrong shell operator in ./build1-4,
    so that the "test" option is honored.

 -- Steve Langasek <email address hidden> Fri, 10 Apr 2009 08:10:02 +0000

Changed in bouncycastle (Ubuntu Jaunty):
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.