Bug#578578: sun-java6: crypto policy configuration files violate Debian policy

[moog]

Package: sun-java6
Version: 6.20-dlj-1
Severity: serious
Justification: Policy 10.7.2
Tags: patch

local_policy.jar and US_export_policy.jar are configuration files
according to Debian's definition, because as Sun's README explains,
sysadmins in eligible countries are intended to replace these files
with unlimited encryption strength versions if they wish.

These files should therefore be moved under /etc and symlinked to,
as has already been done with the other security files such as
java.security and java.policy.

Here is a suggested patch to debian/rules for achieving this:

-------------------------------------------------------------------------------------

diff -Nur sun-java6-6.20-dlj-1/debian/rules sun-java6-6.20-dlj-1.patched/debian/rules
--- sun-java6-6.20-dlj-1/debian/rules	2010-04-20 16:16:16.000000000 +0100
+++ sun-java6-6.20-dlj-1.patched/debian/rules	2010-04-20 21:15:23.000000000 +0100
@@ -194,8 +194,6 @@
 	jre/lib/ext/dnsns.jar \
 	jre/lib/ext/localedata.jar \
 	jre/lib/jce.jar \
-	jre/lib/security/US_export_policy.jar \
-	jre/lib/security/local_policy.jar \
 	jre/lib/im/indicim.jar \
 	jre/lib/im/thaiim.jar \
 	jre/lib/charsets.jar \
@@ -531,7 +529,7 @@
 		$(d_jbin)/etc/$(jdiralias)/
 	: # TODO: why do we provide a custom font.properties.ja?
 	: # cp -p debian/font.properties.ja $(d_jbin)/etc/$(jdiralias)/.
-	-mv $(d_jbin)/$(basedir)/jre/lib/security/{java.*,cacerts} \
+	-mv $(d_jbin)/$(basedir)/jre/lib/security/{java.*,cacerts,*_policy.jar} \
 		$(d_jbin)/$(security)

 	: # create links for the conffiles

-------------------------------------------------------------------------------------

Thanks very much.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash