Bug#578578: sun-java6: crypto policy configuration files violate Debian policy

Markus Hochholdinger Markus at hochholdinger.net
Mon Jun 28 09:31:57 UTC 2010


Hello,

I've now testet:
  sudo 
dpkg-divert --rename /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/security/local_policy.jar
  sudo 
dpkg-divert --rename /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/security/US_export_policy.jar
out of the README.Debian (6.20-dlj-4), but I tested this for Debian 5.0.4, so 
I had to use:
  
dpkg-divert --rename /usr/lib/jvm/java-6-sun-1.6.0.12/jre/lib/security/local_policy.jar 
  
dpkg-divert --rename /usr/lib/jvm/java-6-sun-1.6.0.12/jre/lib/security/US_export_policy.jar

After aptitude safe-upgrade the directory /usr/lib/jvm/java-6-sun-1.6.0.12 
vanished and in /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/security/ the files 
from the debian package were used. My changed files "local_policy.jar" 
and "US_export_policy.jar" were deleted!

So I assume this "workaround" doesn't work if the version of java (like here 
1.6.0.12 to 1.6.0.20) changes.

(It's very dangerous because you notice the change only after the java vm is 
restartet. This can happen long after the upgrade of java, so the java 
developers will be puzzled what's suddenly wrong!)

Isn't it possible to put these two files in /etc/java-6-sun/security/ , like 
the file cacerts, and symlink? With this I'll be asked if I want to overwrite 
my changes or not, with cacerts this works very well!

Apropos configuration files in /etc, the file /etc/java-6-sun/security/cacerts 
doesn't seem to look well in vi, so i suppose local_policy.jar and 
US_export_policy.jar could be also there. Upstream - cacerts, 
local_policy.jar and US_export_policy.jar ARE in the same dirctory 
(lib/security/)!


-- 
greetings

eMHa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20100628/11b2b7f6/attachment-0001.pgp>


More information about the pkg-java-maintainers mailing list