Yay, now I get to chime in with my non-legal background :-)
> -----Original Message-----
> From: Michael Gentry [mailto:blacknex..mail.com]
> Sent: Thursday, February 22, 2007 11:18 AM
> To: de..ayenne.apache.org
> Subject: Re: podling BIS notifications (jars in svn & crypto)
>
> I don't think I'm missing your point (at least I'm trying not to).
> I'm just arguing that if having an extension point in a
> product in which an end-user can write their own code
> separate of Apache (in our case, retrieving the DB password,
> but really any extension point), in which the end-uesr can
> incorporate encryption -- and thus require the BIS/etc, then
> that opens a huge can of worms for a lot of projects (like
> Ant).
Michael,
I think I agreed with you when the thread started. I believe the point
you're trying to make is that an end-user can incorporate encryption
with any interface, particularly those just passing strings back and
forth. After thinking about it a bit more though, I think the key
difference is that your interface is ostensibly designed for the
encryption of data. Between the method names and the salt argument,
it'd be hard to argue it any other way. Whereas, at least where the
other interfaces are concerned, the burden of proof is on someone else.
If that truly be the case, then there may be no can of worms . . .
-- Kevin
This archive was generated by hypermail 2.0.0 : Thu Feb 22 2007 - 13:21:04 EST