Description of problem: felix-osgi-foundation is bundling many libraries. Bundling is against Fedora Policy, see: http://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries Version-Release number of selected component (if applicable): 1.2.0-8.fc17.noarch Additional information: Bundled libraries are contained in /usr/share/java/felix/org.osgi.foundation.jar. The following Java packages are bundled in this jar: java.io.* java.lang.* java.lang.ref.* java.lang.reflect.* java.math.* java.net.* java.security.* java.security.acl.* java.security.cert.* java.security.interfaces.* java.security.spec.* java.text.* java.text.resources.* java.util.* java.util.jar.* java.util.zip.* javax.microedition.io.* Those classes often don't match their corresponding non-bundled versions. Many of them refer to native code. There's quite high chance that there were some security bugfixes, which obviously couldn't affect felix-osgi-foundation. What's even more interesting: This package doesn't contain ANY Felix or OSGi-related classes - it consists only of bundled libraries. In my opinion this package is a candidate for removal.
Is there any progress on this bug?
See Section 999 of the OSGi Compendium Spec: http://www.osgi.org/Download/Release4V43 This bundle contains the platform class definitions that comprise OSGi Defined Execution Environments. An execution environment is the minimum set of classes that are supposed to be available from a platform to be able to support the framework. I don't think there is actually any duplication of code, it is just empty stubs used only for compilation (I assume to make sure your project does not use a class that is not provided by your target OSGi Execution Environment.) This package should NOT be deployed with a project or used in production in any way, it is provided only for compilation. I hope this addresses your concerns. I am going to close this NOTABUG.