hi ApacheDS is not upgradable. Because, it and its dependencies use not free org.osgi:org.osgi.core:6.0.0 (because use OSGi Specification License [1] forbids modifications) There are, also, some Secutity issues[2] , of which it is not clear that the packages available will be affected. regards gil
[1]http://www.osgi.org/Main/OSGiSpecificationLicense [2] https://bugzilla.redhat.com/show_bug.cgi?id=1241163 CVE-2015-3250 apacheds-ldap-client: Timing Attack vulnerability
On 12 July 2015 at 08:58, gil puntogil@libero.it wrote:
hi ApacheDS is not upgradable. Because, it and its dependencies use not free org.osgi:org.osgi.core:6.0.0 (because use OSGi Specification License [1] forbids modifications) There are, also, some Secutity issues[2] , of which it is not clear that the packages available will be affected. regards gil
[1]http://www.osgi.org/Main/OSGiSpecificationLicense [2] https://bugzilla.redhat.com/show_bug.cgi?id=1241163 CVE-2015-3250 apacheds-ldap-client: Timing Attack vulnerability -- java-devel mailing list java-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/java-devel
AIUI the OSGi specification license covers the *specification* -- not *implementations* of that specification.
If what you say is correct, then we would not be able to ship Eclipse. Fortunately for us, the Eclipse Equinox implementation of the OSGi specification is licensed under EPL.)
java-devel@lists.fedoraproject.org