Date: Tue, 5 Feb 2008 16:43:10 +1100
From: David Crossley
To: dev@forrest.apache.org
Subject: Re: export classification, ECCN, handling cryptography, etc.

David Crossley wrote:
> David Crossley wrote:
> >
> > ---------------------
> > Affected code
> > -------------
> > I have found our use of "jsch" (see below). Please help
> > to find what other affected products that we use.
>
> I have spent a lot of time on this. I now gather that
> it is not just if a product uses cryptographic features.
>
> Rather we need to declare a product that uses or is designed
> to use cryptography for the purpose of information security.
>
> We have a number of supporting products that use it for
> authentication. We don't need to declare those.
>
> So far I have found:
>
> "jsch" which is used for scp tasks.

I have added a notice to the "exports" page
for Apache Forrest:
http://www.apache.org/licenses/exports/
only lists our use of "jsch" at the moment.

This also still needs mention in our top-level README.txt

Does someone know where jsch is used in forrest?
I know that "forrestbot" uses it for the deploy.scp task.
Anywhere else?

> "Apache FOP" which can be used for encryption of PDF output.

I saw some discussion on another list which leads me to think
it is not needed.

> Can forrest use "https" to retrieve remote sources?
> If so, then what product(s) enables that?
>
> I haven't finished yet. Other eyes are appreciated,
> perhaps you will find something that I may have missed.

Added https://issues.apache.org/jira/browse/FOR-1069
to help manage this task.

I am waiting on sending the actual BIS notice until we know
if any more products need to be added.

-David