Red Hat Bugzilla – Full Text Bug Listing
|Summary:||felix-osgi-foundation: Bundled libraries|
|Product:||[Fedora] Fedora||Reporter:||Mikolaj Izdebski <mizdebsk>|
|Component:||felix-osgi-foundation||Assignee:||Mat Booth <mat.booth>|
|Status:||CLOSED NOTABUG||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|:||878469 (view as bug list)||Environment:|
|Last Closed:||2013-03-18 11:52:33 EDT||Type:||Bug|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
|Bug Blocks:||504493, 878469|
Description Mikolaj Izdebski 2012-07-09 11:57:22 EDT
Description of problem: felix-osgi-foundation is bundling many libraries. Bundling is against Fedora Policy, see: http://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries Version-Release number of selected component (if applicable): 1.2.0-8.fc17.noarch Additional information: Bundled libraries are contained in /usr/share/java/felix/org.osgi.foundation.jar. The following Java packages are bundled in this jar: java.io.* java.lang.* java.lang.ref.* java.lang.reflect.* java.math.* java.net.* java.security.* java.security.acl.* java.security.cert.* java.security.interfaces.* java.security.spec.* java.text.* java.text.resources.* java.util.* java.util.jar.* java.util.zip.* javax.microedition.io.* Those classes often don't match their corresponding non-bundled versions. Many of them refer to native code. There's quite high chance that there were some security bugfixes, which obviously couldn't affect felix-osgi-foundation. What's even more interesting: This package doesn't contain ANY Felix or OSGi-related classes - it consists only of bundled libraries. In my opinion this package is a candidate for removal.
Comment 1 Mikolaj Izdebski 2012-11-20 08:54:41 EST
Is there any progress on this bug?
Comment 2 Mat Booth 2013-03-18 11:52:33 EDT
See Section 999 of the OSGi Compendium Spec: http://www.osgi.org/Download/Release4V43 This bundle contains the platform class definitions that comprise OSGi Defined Execution Environments. An execution environment is the minimum set of classes that are supposed to be available from a platform to be able to support the framework. I don't think there is actually any duplication of code, it is just empty stubs used only for compilation (I assume to make sure your project does not use a class that is not provided by your target OSGi Execution Environment.) This package should NOT be deployed with a project or used in production in any way, it is provided only for compilation. I hope this addresses your concerns. I am going to close this NOTABUG.