forrest-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Crossley <>
Subject Re: export classification, ECCN, handling cryptography, etc.
Date Tue, 05 Feb 2008 05:43:10 GMT
David Crossley wrote:
> David Crossley wrote:
> > 
> > ---------------------
> > Affected code
> > -------------
> > I have found our use of "jsch" (see below). Please help
> > to find what other affected products that we use.
> I have spent a lot of time on this. I now gather that
> it is not just if a product uses cryptographic features.
> Rather we need to declare a product that uses or is designed
> to use cryptography for the purpose of information security.
> We have a number of supporting products that use it for
> authentication. We don't need to declare those.
> So far i have found:
> "jsch" which is used for scp tasks.

I have added a notice to the "exports" page for Apache Forrest:
only lists our use of "jsch" at the moment.

This also still needs mention in our top-level README.txt

Does someone know where jsch is used in forrest. I know that
"forrestbot" uses it for the deploy.scp task. Anywhere else?

> "Apache FOP" which can be used for encryption of PDF output.

I saw some discussion on another list which leads
me to think it is not needed.

> Can forrest use "https" to retrieve remote sources?
> If so, then what product(s) enables that?
> I haven't finished yet. Other eyes are appreciated,
> perhaps you will find something that i may have missed.

to help manage this task.

I am waiting on sending the actual BIS notice until
we know if any more products need to be added.


View raw message