 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
8 messages in net.java.dev.jna.usersRe: [jna-users] JNA in JWS (how not t...| From | Sent On | Attachments |
|---|---|---|
| Petr Aubrecht | May 7, 2009 3:54 am | |
| LYou...@gkservices.com | May 7, 2009 7:15 am | |
| Petr Aubrecht | May 7, 2009 7:27 am | |
| LYou...@gkservices.com | May 7, 2009 8:16 am | |
| Timothy Wall | May 8, 2009 4:45 am | |
| Stephen Connolly | May 8, 2009 5:18 am | |
| Petr Aubrecht | May 8, 2009 5:18 am | |
| Petr Aubrecht | May 8, 2009 7:09 pm |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: [jna-users] JNA in JWS (how not to break LGPL) | Actions... |
|---|---|---|
| From: | Petr Aubrecht (aubr...@gmail.com) | |
| Date: | May 8, 2009 7:09:22 pm | |
| List: | net.java.dev.jna.users | |
Actually, this sounds good as I'm thinking about it!
I can sign all the jars by my key, but have JNA separated in jna.jnlp. If the customer wants, he can replace the jna libraries with ones signed by him, while it doesn't affect the process and follows LGPL.
Thank you! Petr
On Fri, May 8, 2009 at 2:18 PM, Stephen Connolly < step...@gmail.com> wrote:
Does your application check that it was signed with your key? I think the answer is no.
If JNLP requires that the jars be signed, then sign the jars.
If a user wants to replace the version of jna then they RESIGN everything with their own key. you are only signing jna so that it can be used fron JNLP.
IANAL but I suspect you are reading the LGPL wrong.
The JNLP requirement is that all the jars be signed by *a key*. Unless your application checks that all the jars have been signed by *your key* then an end user can replace the version of jna with their own patched version providing that they re-sign all the jars with *their key*.
So in short, from my reading of things, if your application refuses to work _unless all jars have been signed by *your key*_ then you would be in breach of LGPL. On the other hand, if (as I suspect) your application does not care if it is signed at all, then signing the jars for JNLP will not affect the LGPL as if the user wants to replace the jna.jar they just have to resign everything with *their key*.
-Stephen
2009/5/7 Petr Aubrecht <aubr...@gmail.com>
This is how I understand paragraph 4a from LGPL
(http://www.gnu.org/licenses/lgpl-3.0.txt). The user has to be able to use modified (e.g. fixed) version of the library (JNA in this case).
I don't think my company would be happy to put our private key on the server :-D
Petr
On Thu, May 7, 2009 at 4:16 PM, <LYou...@gkservices.com> wrote:
LGPL requires that you let users replace the component? Not really something I am familar with, can you say why/how it requires that? In anycase, I think you can just provide the key on your website and you would be in compliance right?
________________________________ Levi Yourchuck Senior Programmer Analyst G&K Services Phone: 952 912 5828 www.gkservices.com
Enhancing Image & Safety Through Innovation
This e-mail and any attachments may contain confidential and privileged information. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this e-mail and destroy any copies. Any dissemination or use of this information by a person other than the intended recipient is unauthorized and may be illegal.
Petr Aubrecht <aubr...@gmail.com>
05/07/2009 05:55 AM
Please respond to use...@jna.dev.java.net To use...@jna.dev.java.net cc Subject [jna-users] JNA in JWS (how not to break LGPL)
Hello,
is there any information, how to use JNA as a part of the Java Web Start?
Downloads contain packages mentioning JWS, but they are unsigned as well as the main jna.jar, so it cannot be AFAIK used to access native libraries. I created a separate jnlp for jna, which I include in the main jnlp.
If I request all permisions in the jna jnlp, I will get: #### Java Web Start Error: #### Unsigned application requesting unrestricted access to system Unsigned resource: http://localhost/AnalystUI/static/jna/jna.jar
If I request nothing, it ends with this exception: Exception in thread "Thread-9" java.lang.ExceptionInInitializerError ... Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission jna.boot.library.path read)
I cannot sign the library, it by my side breaks the LGPL license (user has to be able to replace the component, which he cannot, if the jna.jar signed by my key).
I tried to find this information in jna webpages and using google, but I found no solution.
The best solution would be, if JNA published signed jars :)
I thank you for any advice. Petr
-- -- This mail doesn't contain viruses, I use Linux.
-- -- This mail doesn't contain viruses, I use Linux.