geode-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dick Cavender (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (GEODE-25) Geode Cryptography Audit
Date Thu, 19 Nov 2015 22:37:11 GMT

     [ https://issues.apache.org/jira/browse/GEODE-25?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dick Cavender updated GEODE-25:
-------------------------------
    Attachment: ASF-ExportClassificationQuestionnaire-GemFireGemFireNativeClient8.2.0.pdf


We're unable to share the black duck scan results with ASF and these results likely wouldn't
provide the information that is being requested here anyway.  

Since this source code has been around for years we've completed Export Compliance certification
on it as GemStone Systems, VMware and then again with EMC and Pivotal. 

We're providing the most recent Export Classification document for the last GA version of
the commercial product. The product was classified under ECCN 5D002 and eligible for export
under License Exception ENC in accordance with Section 740.17(b)(1) of the EAR.

We provide this document in good faith that there isn't encryption in the product that violates
US laws while also knowing we must still follow the ASF steps outlined on the ASF crypto page
for the new open source product Apache Geode and obtain a ECCN for it. 



> Geode Cryptography Audit
> ------------------------
>
>                 Key: GEODE-25
>                 URL: https://issues.apache.org/jira/browse/GEODE-25
>             Project: Geode
>          Issue Type: Task
>            Reporter: Niall Pemberton
>            Assignee: Dick Cavender
>         Attachments: ASF-ExportClassificationQuestionnaire-GemFireGemFireNativeClient8.2.0.pdf
>
>
> Review if there are any Cryptography issues with Geode:
>  * See http://incubator.apache.org/guides/mentor.html#crypto-audit
>  * See http://www.apache.org/dev/crypto.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message