couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Norman Barker <norman.bar...@gmail.com>
Subject Re: export control notice - multiview
Date Thu, 29 Jul 2010 21:55:29 GMT
Dirk-Willem and Chris,

thanks for your help on this, I have passed this through our legal
dept and I am good to add the code to github.

The code will be going up by the w/end, I am going to add a few
installation instructions.

Norman

On Thu, Jul 29, 2010 at 5:10 AM, Dirk-Willem van Gulik
<Dirk-Willem.van.Gulik@bbc.co.uk> wrote:
>
> On 29 Jul 2010, at 04:55, Norman Barker wrote:
>
>> I work for ITT VIS and we would really like to give this multiview for
>> consideration by the community (as well as other patches)*. I have
>> passed this to our legal dept and they would like us to follow
>> http://www.apache.org/dev/crypto.html, I believe this has already been
>> followed since Damien has his name on the XML below as PMC chair.
>
> Have a look at:
>
>        http://www.apache.org/licenses/exports/
>
>> Whatever procedure Damien followed should be documented so that other
>> US companies can contribute. I believe that all is sufficient is a
>
> Please see
>                http://www.apache.org/dev/crypto.html
>
>> paper trail to show that the necessary govt depts have been notified
>> about cryptography (in this case SSL) components in the software.
>
> If the entry is there -
>
>                http://www.apache.org/licenses/exports/
>
> you can be sure that the PMC followed the right path and that this is under the normal
oversight by the board of the foundation. And the board is to oversee that PMCs keep doing
this right; and PMCs are to ensure their area's are all doing the right things; and that each
release has its t's crossed and i's dotted.
>
> Or in other words - you have confirmation that the legal entity responsible (the ASF)
has, and is, carrying out the right steps.
>
> Every time a release is rolled - it is the PMCs tasks to oversee that - and specifically
they are expected to keep an eye on the correctness of above corporate records; and bring
them up to date if needed.
>
> It is very good practice to alert the Dev community and the PMC when doing contributions
such as this; as the process described on
>
>        http://www.apache.org/dev/crypto.html
>
> titled 'Check the Export Control Classification Number (ECCN)' with regard to qualification
under 740.13(e) as ECCN 5D002 is not trivial (though it does over a large swath).
>
> And if a project is particularly worried, say because it has a lot of small moving crypto,
you could simply add a step to your release process which says 're-evaluate ECCN qualification
if any crypto code was added or changed relative to prior releases'.
>
> But in this case - the PMC seems to have this well under control and releases get their
i's dotted and t's crossed.
>
> Thanks,
>
> Dw.
>
> *: I am skipping the usual verbiage on CCLA and/or iCLA being on file, etc.
>
>

Mime
View raw message