forrest-dev mailing list archives

From David Crossley <cross...@apache.org>
Subject Re: export classification, ECCN, handling cryptography, etc.
Date Tue, 05 Feb 2008 05:43:10 GMT
David Crossley wrote:
> David Crossley wrote:
> > 
> > ---------------------
> > Affected code
> > -------------
> > I have found our use of "jsch" (see below). Please help
> > to find what other affected products that we use.
> 
> I have spent a lot of time on this. I now gather that
> it is not just if a product uses cryptographic features.
> 
> Rather we need to declare a product that uses or is designed
> to use cryptography for the purpose of information security.
> 
> We have a number of supporting products that use it for
> authentication. We don't need to declare those.
>
> So far I have found:
> 
> "jsch" which is used for scp tasks.

I have added a notice to the "exports" page for Apache Forrest:
http://www.apache.org/licenses/exports/
It only lists our use of "jsch" at the moment.

This also still needs mention in our top-level README.txt.

Does someone know where jsch is used in forrest? I know that
"forrestbot" uses it for the deploy.scp task. Anywhere else?

> "Apache FOP" which can be used for encryption of PDF output.

I saw some discussion on another list which leads
me to think it is not needed.

> Can forrest use "https" to retrieve remote sources?
> If so, then what product(s) enables that?
> 
> I haven't finished yet. Other eyes are appreciated,
> perhaps you will find something that I may have missed.

Added https://issues.apache.org/jira/browse/FOR-1069
to help manage this task.

I am waiting on sending the actual BIS notice until
we know if any more products need to be added.

-David
