That would make it pretty painful for users IMO and we'd need to make sure users are pointed to a "safe" and authentic place to get the binaries in addition to the jars.
We can leave it up to the RM as to what to do on a per release basis I suppose, but I would not like us to build code and extra gadgetry to support this. I did the previous release and would do the next one if no one else can. You must use macOs hardware to legally produce macOS binaries and you must use a legal copy of Windows for the Windows binary, that's the only hurdle I think. Linux/Ubuntu is free and anyone can do that with Docker. Gary On Tue, Jun 14, 2022 at 9:21 AM Gilles Sadowski <gillese...@gmail.com> wrote: > > Hello. > > Given the trouble it entails and the very few people who can or want > to be involved in (the maintenance of) cross-compilation, wouldn't it > be safer to make all binaries optional? > It would be the application developers' responsibility to drop them to > a location where the [Crypto] wrapper can find them. > > From a security POV, it seems (?) that this approach could dramatically > lower (or even remove) Commons' responsibility (and ensuing burden) > in case of vulnerabilities in the native code(s). > > Regards, > Gilles > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
