Bug#578578: java6 crypt policy files in /etc
Andreas Unterkircher
unki at netshadow.at
Thu Apr 29 09:16:00 UTC 2010
>> I don't think so. A config file is a file that you can edit with
>> either a text editor or some specialized configuration tool but a jar
>> file does not fall into that category.
>> I tend to set the wontfix tag because i think that dpkg-divert is the
>> right tool.
> I support the wontfix. A compressed file is not a config file.
But if you argue like this - what has then /etc/localtime,
/etc/krb5.keytab, /etc/ld.so.cache, ... and so on to do in /etc? They
are also not editable as text but it is a must that those files need
to be there in /etc (ok, maybe comparing apples and oranges...).
IMHO what is important here is that those two files are not as static
as they seem to be. As far as I understand if you are outside the US
and want to use the unlimited-strength cryptography extension you have
to replace those two.
Quoting http://java.sun.com/javase/6/webnotes/README.html
Due to import control restrictions for some countries, the Java
Cryptography Extension (JCE) policy files shipped with the JDK and the
JRE allow strong but limited cryptography to be used. These files are
located at
....
An unlimited strength version of these files indicating no
restrictions on cryptographic strengths is available on the JDK web
site for those living in eligible countries. Those living in eligible
countries may download the unlimited strength version and replace the
strong cryptography jar files with the unlimited strength files.
Maybe a more flexible way (like in the way of update-alternatives or
so) would be better instead of using dpkg-divert to stop the package
overwriting files that were moved there to actually be able to use
Java-based software that requires unlimited JCE at all.
Andreas
More information about the pkg-java-maintainers
mailing list