hawq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Guo <paul...@gmail.com>
Subject Re: Acknowledging cryptographic code
Date Fri, 12 Aug 2016 12:14:55 GMT
The file could be removed since it is for win32.
    https://github.com/postgres/postgres/blob/REL8_1_0/src/port/crypt.c

But reading http://www.apache.org/dev/crypto.html,
we seem to still need to go through the security process.
<http://www.apache.org/dev/crypto.html>
<http://www.apache.org/dev/crypto.html>
<http://www.apache.org/dev/crypto.html>
<http://www.apache.org/dev/crypto.html>
<http://www.apache.org/dev/crypto.html>
<http://www.apache.org/dev/crypto.html>
We could add back pgcrypto (so that we do not need to download pg code
to get pgcrypto each time when building pgcrypto) along with this work.
<http://www.apache.org/dev/crypto.html>

<http://www.apache.org/dev/crypto.html>

<http://www.apache.org/dev/crypto.html>

2016-08-10 8:37 GMT+08:00 Goden Yao <godenyao@apache.org>:

> Given the current situation, I'll vote for including crypto and go through
> the compliance process.
>
> On Tue, Aug 9, 2016 at 2:25 PM Roman Shaposhnik <roman@shaposhnik.org>
> wrote:
>
> > Hi!
> >
> > after a lot of effort to get rid of crypto code in HAWQ it
> > has come to our attention (again, because of the awesome
> > analysis done by Justin) that the code we imported from
> > PostgreSQL such as:
> >     https://github.com/postgres/postgres/blob/REL8_1_0/src/port/crypt.c
> > would require us to seek export compliance as outlined
> > in the following documentation:
> >     http://www.apache.org/dev/crypto.html
> >
> > I would like to re-iterate that it is PMC's business to be vigilant
> > about tracking this sort of compliance. As such, it is extremely
> > important that all of you read through the document I linked to
> > and ask any questions you may have on this thread.
> >
> > Since HAWQ is still in Incubation there's a few steps outlined
> > in the document that one of the mentors (myself) will have to
> > do for you guys. However, this shouldn't confuse you into
> > thinking that export compliance is handled by somebody else
> > at Apache.
> >
> > It is a PMC responsibility. It is YOUR responsibility.
> >
> > Thanks,
> > Roman.
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message