You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by Stefan Bodewig <bo...@apache.org> on 2005/05/10 10:34:59 UTC
[PGP] New Sandbox component
Hi,
members of the Maven, Ant and Repository teams have been thinking
about adding PGP support to their respective projects for a while, but
so far neither of those projects has made any real attempt to do so.
Some discussion on the Ant dev list that involved Ant and Maven
committers lead to the idea of commons-pgp.
The goal is a library that provides a simple API to PGP sign files (or
streams?) and verify PGP signatures. This may be extended to key
management or encryption/decryption later. The idea is to start with
an implementation based on Bouncycastle's[1] library but keep the API
independent of it in order to allow different providers like
cryptix[2] to be written.
The library itself is supposed to be independent of either Ant or
Maven.
The initial set of committers will be Brett Porter, Matte Benson (who
is an Ant committer, I've just granted him commit access to the
sandbox) and myself, but more helping hands are certainly welcome.
So far all there is is a README file describing the purpose of the
component. We probably should have an API sketch before we go further
than that. Somebody with commons karma will have to add pgp to the
externals of trunks-sandox at one point.
Based on the projects involved the question probably won't be whether
we use Maven or Ant to build the project, we'll support both. 8-)
Cheers
Stefan
Footnotes:
[1] http://www.bouncycastle.org/
[2] http://www.cryptix.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
Re: [PGP] New Sandbox component
Posted by Brett Porter <br...@apache.org>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Stefan Bodewig wrote:
>Since the directory is not a "subdirectory" of sandbox, you need
>commons "proper" karma to add a new component to it.
Oh, is that what you meant? Sure, I'll do it now...
- - Brett
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Cygwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCgbI1Ob5RoQhMkRMRAjUBAJ99j8oIzejC34eAeP9Imeu82WbncgCgtsQl
2JPN4YXSga2IUVGbxvrUsoM=
=95AD
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
Re: [PGP] New Sandbox component
Posted by Stefan Bodewig <bo...@apache.org>.
On Tue, 10 May 2005, Martin Cooper <mf...@gmail.com> wrote:
> On 5/10/05, Stefan Bodewig <bo...@apache.org> wrote:
>> Somebody with commons karma will have to add pgp to the externals
>> of trunks-sandox at one point.
>
> Can you elaborate, please?
I can try 8-)
> What needs to be added to what, exactly?
http://svn.apache.org/repos/asf/jakarta/commons/trunks-sandbox/ is
more or less empty but has an svn:externals property that pulls in the
trunks of all sandbox components.
Since the directory is not a "subdirectory" of sandbox, you need
commons "proper" karma to add a new component to it.
I don't have that karma. Something I could change easily (using the
super-human "oh, I happen to be Gump's PMC chairman" power) but don't
want to. Until the pgp component gets promoted to proper, there is no
reason to grant commit access to me or Matt. When it gets promoted,
we'll vote on promoting Matt and myself at the same time.
> And when is "some point"? ;-)
As soon as we have something to build and want to make it available to
Gump. Could be earlier, but no need to rush.
Brett may even overcome his hate-relation with svn:externals and do it
for us ;-)
Stefan
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
Re: [PGP] New Sandbox component
Posted by Martin Cooper <mf...@gmail.com>.
On 5/10/05, Stefan Bodewig <bo...@apache.org> wrote:
> Hi,
>
> members of the Maven, Ant and Repository teams have been thinking
> about adding PGP support to their respective projects for a while, but
> so far neither of those projects has made any real attempt to do so.
>
> Some discussion on the Ant dev list that involved Ant and Maven
> committers lead to the idea of commons-pgp.
>
> The goal is a library that provides a simple API to PGP sign files (or
> streams?) and verify PGP signatures. This may be extended to key
> management or encryption/decryption later. The idea is to start with
> an implementation based on Bouncycastle's[1] library but keep the API
> independent of it in order to allow different providers like
> cryptix[2] to be written.
>
> The library itself is supposed to be independent of either Ant or
> Maven.
>
> The initial set of committers will be Brett Porter, Matte Benson (who
> is an Ant committer, I've just granted him commit access to the
> sandbox) and myself, but more helping hands are certainly welcome.
>
> So far all there is is a README file describing the purpose of the
> component. We probably should have an API sketch before we go further
> than that. Somebody with commons karma will have to add pgp to the
> externals of trunks-sandox at one point.
Can you elaborate, please? What needs to be added to what, exactly?
And when is "some point"? ;-)
--
Martin Cooper
> Based on the projects involved the question probably won't be whether
> we use Maven or Ant to build the project, we'll support both. 8-)
>
> Cheers
>
> Stefan
>
> Footnotes:
> [1] http://www.bouncycastle.org/
>
> [2] http://www.cryptix.org/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
Re: [PGP] New Sandbox component
Posted by Stefan Bodewig <bo...@apache.org>.
On Tue, 10 May 2005, Noel J. Bergman <no...@devtech.com> wrote:
> We have written code to do some of that for JAMES using
> BouncyCastle, so I think we'd be interested in seeing a Commons API,
> and making sure that it supports our needs, too.
Great.
Stefan
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
RE: [PGP] New Sandbox component
Posted by "Noel J. Bergman" <no...@devtech.com>.
> members of the Maven, Ant and Repository teams have been thinking
> about adding PGP support to their respective projects for a while,
> but so far neither of those projects has made any real attempt to
> do so.
> The goal is a library that provides a simple API to PGP sign files
> (or streams?) and verify PGP signatures. This may be extended to key
> management or encryption/decryption later. The idea is to start with
> an implementation based on Bouncycastle's[1] library but keep the API
> independent of it in order to allow different providers like
> cryptix[2] to be written.
We have written code to do some of that for JAMES using BouncyCastle, so I
think we'd be interested in seeing a Commons API, and making sure that it
supports our needs, too.
> The initial set of committers will be Brett Porter, Matte Benson (who
> is an Ant committer
I'm CC'ing Vincenzo, who contributed our S/MIME code.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org