commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benedikt Ritter <brit...@apache.org>
Subject Re: US Export classification & ECCN registration for encryption in commons?
Date Thu, 05 May 2016 09:04:32 GMT
Hi,

Stian Soiland-Reyes <stain@apache.org> schrieb am Mi., 4. Mai 2016 um
14:35 Uhr:

> Hi,
>
> Sorry for spotting this..
>
>
> Apache Commons Crypto  is not listed on
> http://www.apache.org/licenses/exports/ - does it need to be?  (One
> would assume so..)
>
> Also it was raised that Commons VFS depends on Bouncy Castle/Apache
> Mina/Jetty/SSHD/Hadoop/jsch and has encryption binding for AES128 -
> perhaps that also needs to be listed and registered?
>

Thank you for pointing this out. I've reported this as
https://issues.apache.org/jira/browse/CRYPTO-54. I'm not involved in VFS,
but I've seen that the discussion about that has already started on the
vote for VFS 2.0 rc1.

Benedikt


>
>
> We only have listed:
>
> Commons Compress
> Commons OpenPGP
>
>
> See guidance on
> http://www.apache.org/dev/crypto.html
>
>
> BTW - I've raised https://issues.apache.org/jira/browse/LEGAL-250 to
> see if merely using a listed source as a Maven <dependency> means you
> also are classified - or if you would need to also bundle the
> dependency's binary (which I think we don't do).
>
>
>
> --
> Stian Soiland-Reyes
> Apache Taverna (incubating), Apache Commons RDF (incubating)
> http://orcid.org/0000-0001-9842-9718
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message