Allows users to build customized Getdown JARs which can only talk to whitelisted hosts. This can be useful for very security-conscious organizations which want to distribute Getdown internally as a standard application bootstrapping mechanism, but want to ensure that it can only be used for internal applications.
This is an adaptation of the whitelist proof-of-concept discussed on the mailing list, adjusted to use the new Build class.
(Triggered by internal security audit and Fortify analysis.)
I've long wanted to do this, but the launcher's use of all the samskivert UI
stuff made it onerous. Now that the launcher is a separate module, we can
remove the samskivert dependency in core (and tools), which simplifies things
and makes it easier to depend on core in a (future) self-updating app (when we
add support for that).
I don't want to pollute the com.threerings top-level namespace with a bunch of
getdown-foo artifacts, and grouping everything under the top-level project
name, even when that name is repeated for all the artifacts is fairly standard
practice.
- core: the main Getdown logic code
- tools: code to create digest.txt & patch files
- launcher: the standalone launcher/updater app
- ant: the Ant task for creating digest.txt files
This paves the way for a proper Jigsaw-ification of the Getdown code.
I may further factor code out of getdown-launcher and into getdown-core to
enable the use-case where an app embeds Getdown completely and does not use the
launcher app/UI. That will also make it easier to create a JavaFX UI and retire
the old Swing UI.
This also moves the obsolete applet code into a separate applet module, which
is merely a temporary holding area. It will be deleted in the next commit.