Bug 838625 - felix-osgi-foundation: Bundled libraries
felix-osgi-foundation: Bundled libraries
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: felix-osgi-foundation (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity high
: ---
: ---
Assigned To: Mat Booth
Fedora Extras Quality Assurance
:
Depends On:
Blocks: DuplicSysLibsTracker 878469
  Show dependency treegraph
 
Reported: 2012-07-09 11:57 EDT by Mikolaj Izdebski
Modified: 2013-03-18 11:52 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 878469 (view as bug list)
Environment:
Last Closed: 2013-03-18 11:52:33 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mikolaj Izdebski 2012-07-09 11:57:22 EDT
Description of problem:
felix-osgi-foundation is bundling many libraries.
Bundling is against Fedora Policy, see:
http://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries

Version-Release number of selected component (if applicable):
1.2.0-8.fc17.noarch

Additional information:
Bundled libraries are contained in /usr/share/java/felix/org.osgi.foundation.jar.
The following Java packages are bundled in this jar:

java.io.*
java.lang.*
java.lang.ref.*
java.lang.reflect.*
java.math.*
java.net.*
java.security.*
java.security.acl.*
java.security.cert.*
java.security.interfaces.*
java.security.spec.*
java.text.*
java.text.resources.*
java.util.*
java.util.jar.*
java.util.zip.*
javax.microedition.io.*

Those classes often don't match their corresponding non-bundled versions. Many of them refer to native code. There's quite high chance that there were some security bugfixes, which obviously couldn't affect felix-osgi-foundation.

What's even more interesting: This package doesn't contain ANY Felix or OSGi-related classes - it consists only of bundled libraries.
In my opinion this package is a candidate for removal.
Comment 1 Mikolaj Izdebski 2012-11-20 08:54:41 EST
Is there any progress on this bug?
Comment 2 Mat Booth 2013-03-18 11:52:33 EDT
See Section 999 of the OSGi Compendium Spec:

http://www.osgi.org/Download/Release4V43

This bundle contains the platform class definitions that comprise OSGi Defined Execution Environments. An execution environment is the minimum set of classes that are supposed to be available from a platform to be able to support the framework.

I don't think there is actually any duplication of code, it is just empty stubs used only for compilation (I assume to make sure your project does not use a class that is not provided by your target OSGi Execution Environment.)

This package should NOT be deployed with a project or used in production in any way, it is provided only for compilation.

I hope this addresses your concerns. I am going to close this NOTABUG.

Note You need to log in before you can comment on or make changes to this bug.