838625 – felix-osgi-foundation: Bundled libraries

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 838625 - felix-osgi-foundation: Bundled libraries

Summary: felix-osgi-foundation: Bundled libraries

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	felix-osgi-foundation
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Mat Booth
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	DuplicSysLibsTracker
TreeView+	depends on / blocked

Reported:	2012-07-09 15:57 UTC by Mikolaj Izdebski
Modified:	2013-03-18 15:52 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-03-18 15:52:33 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Mikolaj Izdebski 2012-07-09 15:57:22 UTC

Description of problem:
felix-osgi-foundation is bundling many libraries.
Bundling is against Fedora Policy, see:
http://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries

Version-Release number of selected component (if applicable):
1.2.0-8.fc17.noarch

Additional information:
Bundled libraries are contained in /usr/share/java/felix/org.osgi.foundation.jar.
The following Java packages are bundled in this jar:

java.io.*
java.lang.*
java.lang.ref.*
java.lang.reflect.*
java.math.*
java.net.*
java.security.*
java.security.acl.*
java.security.cert.*
java.security.interfaces.*
java.security.spec.*
java.text.*
java.text.resources.*
java.util.*
java.util.jar.*
java.util.zip.*
javax.microedition.io.*

Those classes often don't match their corresponding non-bundled versions. Many of them refer to native code. There's quite high chance that there were some security bugfixes, which obviously couldn't affect felix-osgi-foundation.

What's even more interesting: This package doesn't contain ANY Felix or OSGi-related classes - it consists only of bundled libraries.
In my opinion this package is a candidate for removal.

Comment 1 Mikolaj Izdebski 2012-11-20 13:54:41 UTC

Is there any progress on this bug?

Comment 2 Mat Booth 2013-03-18 15:52:33 UTC

See Section 999 of the OSGi Compendium Spec:

http://www.osgi.org/Download/Release4V43

This bundle contains the platform class definitions that comprise OSGi Defined Execution Environments. An execution environment is the minimum set of classes that are supposed to be available from a platform to be able to support the framework.

I don't think there is actually any duplication of code, it is just empty stubs used only for compilation (I assume to make sure your project does not use a class that is not provided by your target OSGi Execution Environment.)

This package should NOT be deployed with a project or used in production in any way, it is provided only for compilation.

I hope this addresses your concerns. I am going to close this NOTABUG.

Note You need to log in before you can comment on or make changes to this bug.