ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Denis Magda <dma...@apache.org>
Subject Re: Signing off Ignite for export beyond the U.S.
Date Tue, 25 Jun 2019 20:54:24 GMT
Dmitry,

I've updated the ASF website by including Ignite to the exports matrix [1].
Plus, notified the controlling U.S. entities on the matter.

Could you please do one more favor and help to close these two items
(flying on a plane and a poor Internet connection makes it impossible to
check them off on my end)?

   - Update README.txt in Ignite master with the content prepared earlier
   by you
   - Copy content of this doc [2] to Ignite Wiki

[1] http://www.apache.org/licenses/exports/
[2]
https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing

-
Denis


On Wed, Jun 19, 2019 at 2:47 PM Dmitriy Pavlov <dpavlov@apache.org> wrote:

> Pavel replied to me in private: encryption is available since 2.4 for .Net
> thin client.
>
> I've also modified source XML
>
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
>
>
> чт, 20 июн. 2019 г. в 00:10, Denis Magda <dmagda@gridgain.com>:
>
> > Pavel,
> >
> > I still have no info related to starting version of .NET encryption
> > > support. So I supposed it was 1.5.
> >
> >
> > Could you please help with this last open item?
> >
> > Dmitry, thanks for the final summary. I'll contact ASF folks trying to
> find
> > the ASF website dev instructions.
> >
> >
> > --
> > Denis Magda
> >
> >
> > On Wed, Jun 19, 2019 at 11:35 AM Dmitriy Pavlov <dpavlov@apache.org>
> > wrote:
> >
> > > Hi Denis,
> > >
> > > I still have no info related to starting version of .NET encryption
> > > support. So I supposed it was 1.5.
> > >
> > > I've started both XSTLs and added an example of both XLTs output to
> > google
> > > doc tabs. One transformer is for email template generation (requires
> > > project name), another is for the site table.
> > >
> > > Only one TODO now left in the PR version of the update. All other stuff
> > is
> > > ready for publishing:
> > >
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8
> > >
> > > Sincerely,
> > > Dmitriy Pavlov
> > >
> > > P.S. I'm not sure that dev. the list will keep formatting, but anyway
> > here
> > > is transformer output example as text.
> > >
> > > Apache Ignite Project
> > > Product Name Versions ECCN
> > > Controlled Source
> > > Apache Ignite development 5D002
> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft,
> > Inc.,
> > > The Eclipse Foundation
> > > 2.5.0 - latest 5D002
> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft,
> > Inc.,
> > > The Eclipse Foundation
> > > 1.5.0.final - 2.4.0 5D002
> > > ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse
> > > Foundation
> > > 1.0.0 - 1.5.0-b1 5D002
> > > ASF, Oracle, JCraft, Inc., The Eclipse Foundation
> > >
> > > ср, 19 июн. 2019 г. в 15:05, Dmitriy Pavlov <dpavlov@apache.org>:
> > >
> > > > Igniters,
> > > >
> > > > as for older versions, I've started to collect information of crypto
> > > > providers usages in older versions, please help me to finalize this
> doc
> > > so
> > > > I could prepare a declaration of older versions.
> > > >
> > > >
> > > >
> > >
> >
> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing
> > > >
> > > > I'm not sure if the time of Incubation counts, but, anyway, let'
> > collect
> > > > information about the history of modules.
> > > >
> > > > Sincerely,
> > > > Dmitriy Pavlov
> > > >
> > > > ср, 19 июн. 2019 г. в 14:05, Dmitriy Pavlov <dpavlov@apache.org>:
> > > >
> > > >> Hi Denis,
> > > >>
> > > >> Build process seems to be mentioned only here
> > > >> https://www.apache.org/dev/crypto.html#sources It also mentions
> some
> > > >> bisnotice XSLT transformation, which is available at SVN here
> > > >>
> > >
> >
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/
> > > >>
> > > >> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
> > > >>
> > >
> >
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
> > > >> is more appropriate. I will test it locally.
> > > >>
> > > >> The only thing I've found for now is the following scripts at the
> root
> > > of
> > > >> SVN here
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/
> > > >> bisnotice.cmd
> > > >> bisnotice.sh
> > > >>
> > > >> Sincerely,
> > > >> Dmitriy Pavlov
> > > >>
> > > >> ср, 19 июн. 2019 г. в 01:40, Denis Magda <dmagda@apache.org>:
> > > >>
> > > >>> Dmitriy,
> > > >>>
> > > >>> I think that it's required to enlist all of the publicly released
> > > Ignite
> > > >>> versions (available for download from the website). It means that
> the
> > > XML
> > > >>> should have the following controlled sources grouped by Ignite
> > > versions'
> > > >>> ranges.
> > > >>>
> > > >>>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse
> > > Foundation
> > > >>>    - Ignite 1.5.0 and later: all of the controller versions listed
> by
> > > >>> you.
> > > >>>
> > > >>> Not sure about JCraft only. What was the first Ignite version
the
> lib
> > > was
> > > >>> added to?
> > > >>>
> > > >>> As for .NET versions declarations, I'm for the way it handled
right
> > now
> > > >>> by
> > > >>> you. Btw, do you know where ASF explains the website build process?
> > > >>> Failed
> > > >>> to find it, it's not enough just to update the XML.
> > > >>>
> > > >>> Finally, looping in Garrett who can help with the editorial review.
> > > >>> Garrett, could you please review README.txt from this pull-request?
> > > >>>
> > > >>>
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> > > >>>
> > > >>>
> > > >>> -
> > > >>> Denis
> > > >>>
> > > >>>
> > > >>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <dpavlov@apache.org
> >
> > > >>> wrote:
> > > >>>
> > > >>> > Igniters,
> > > >>> >
> > > >>> > please review crypto notice in
> > > >>> >
> > > >>> >
> > > >>>
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> > > >>> >
> > > >>> > Only 2 open questions: about declaring released versions,
and
> about
> > > >>> > declaring .NET versions (.NET Core & . NET Classic).
By default,
> I
> > > >>> propose
> > > >>> > to keep both.
> > > >>> >
> > > >>> > Sincerely,
> > > >>> > Dmitriy Pavlov
> > > >>> >
> > > >>> > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <dpavlov@apache.org
> >:
> > > >>> >
> > > >>> > > Pavel,
> > > >>> > >
> > > >>> > > we need to follow the process from
> > > >>> > > https://www.apache.org/dev/crypto.html#classify
> > > >>> > >
> > > >>> > > Please see similar products in the draft export matrix,
> > > >>> > >
> > > >>> > >
> > > >>> >
> > > >>>
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
> > > >>> > >
> > > >>> > >
> > > >>> > > We don't ship JDK, but we designed our product to use
a
> > > cryptographic
> > > >>> > > feature from this 3rd party product, so we need to follow
this
> > > >>> process
> > > >>> > and
> > > >>> > > provide matrix update, add CRYPTO notice (I'll draft
it).
> > > >>> > >
> > > >>> > > Other products don't declare all possible JDKs -
> > > >>> > > http://www.apache.org/licenses/exports/#matrix So, probably,
> one
> > > >>> > > declaration of .NET classic (Microsoft) would be enough.
> > > >>> > >
> > > >>> > > Sincerely,
> > > >>> > > Dmitriy Pavlov
> > > >>> > >
> > > >>> > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <
> > ptupitsyn@apache.org
> > > >:
> > > >>> > >
> > > >>> > >> >>Should it go instead of Microsoft? Should
we mention .NET
> code
> > > in
> > > >>> > >> addition
> > > >>> > >>
> > > >>> > >> >>to Microsoft?
> > > >>> > >>
> > > >>> > >>
> > > >>> > >>
> > > >>> > >> >Yes, I think we can do this. Ignite targets
both of the them.
> > And
> > > >>> .NET
> > > >>> > >> Core uses it’s own implementation of standard
class library[1]
> > > >>> > >>
> > > >>> > >> >Pavel may correct me.
> > > >>> > >>
> > > >>> > >>
> > > >>> > >> We use crypto APIs from standard class library.
We ship our
> > > >>> binaries,
> > > >>> > but
> > > >>> > >> we don't ship the framework binaries.
> > > >>> > >>
> > > >>> > >> Our binaries can be executed with .NET Core (open-source,
MIT
> > > >>> license),
> > > >>> > >> Mono (open-source, MIT license), and .NET Classic
(old
> > framework,
> > > >>> > >> Windows-only, Microsoft license).
> > > >>> > >>
> > > >>> > >> I'm still not sure what is the question we are trying
to
> answer,
> > > >>> though.
> > > >>> > >>
> > > >>> > >>
> > > >>> > >> Thanks,
> > > >>> > >>
> > > >>> > >> Pavel
> > > >>> > >>
> > > >>> > >>
> > > >>> > >>
> > > >>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin
<
> > > lexwert@gmail.com
> > > >>> >
> > > >>> > >> wrote:
> > > >>> > >>
> > > >>> > >> > >1) Declaring older versions of Ignite.
> > > >>> > >> >
> > > >>> > >> > >2) Is it correct to mention that Ignite
uses .NET core
> > > >>> controlled by
> > > >>> > >> .NET
> > > >>> > >> >
> > > >>> > >> > >Foundation? E.g. as follows:
> > > >>> > >> >
> > > >>> > >> > >(controlled by)
> > > >>> > >> >
> > > >>> > >> > >.NET Foundation
> > > >>> > >> >
> > > >>> > >> > >title=Designed to use .NET Framework Cryptography
Model
> > > >>> > >> >
> > > >>> > >> > >href=https://dotnetfoundation.org/projects
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > >Should it go instead of Microsoft? Should
we mention .NET
> > code
> > > in
> > > >>> > >> addition
> > > >>> > >> >
> > > >>> > >> > >to Microsoft?
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Yes, I think we can do this. Ignite targets
both of the
> them.
> > > And
> > > >>> .NET
> > > >>> > >> > Core uses it’s own implementation of standard
class
> library[1]
> > > >>> > >> >
> > > >>> > >> > Pavel may correct me.
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > [1] https://github.com/dotnet/corefx
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > *From: *Dmitriy Pavlov <dpavlov@apache.org>
> > > >>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
> > > >>> > >> > *To: *dev <dev@ignite.apache.org>
> > > >>> > >> > *Cc: *Denis Magda <dmagda@apache.org>;
Igor Sapego <
> > > >>> > isapego@apache.org>;
> > > >>> > >> Pavel
> > > >>> > >> > Petroshenko <p@nobitlost.com>; Nikolay
Izhikov <
> > > >>> nizhikov@apache.org>
> > > >>> > >> > *Subject: *Re: Signing off Ignite for export
beyond the U.S.
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Thanks, Pavel!
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Denis, Pavel, Igniters, please review the following
> proposal:
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL
usage.
> > > >>> > >> >
> > > >>> > >> > - AWS-S3 client-side encryption to be declared
as JCA/JCE
> > usage.
> > > >>> > >> >
> > > >>> > >> > - SSLContextFactory usage to be declared as
JCA/JCE usage.
> > > >>> > >> >
> > > >>> > >> > - TDE to be declared as JCA/JCE
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Export matrix data to be published in ASF-level
SVN:
> > > >>> > >> >
> > > >>> > >> > <<<<<
> > > >>> > >> >
> > > >>> > >> > Product Name
> > > >>> > >> >
> > > >>> > >> > Apache Ignite
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Versions
> > > >>> > >> >
> > > >>> > >> > development
> > > >>> > >> >
> > > >>> > >> > 2.7 and later <Earlier versions-TBD?>
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > ECCN
> > > >>> > >> >
> > > >>> > >> > 5D002
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Controlled source
> > > >>> > >> >
> > > >>> > >> > ASF
> > > >>> > >> >
> > > >>> > >> > title=Designed to use with built-in Java Cryptography
> > > Architecture
> > > >>> > (JCA)
> > > >>> > >> >
> > > >>> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Oracle
> > > >>> > >> >
> > > >>> > >> > title=Designed to use with built-in Java encryption
> libraries
> > > >>> (JCE)
> > > >>> > >> >
> > > >>> > >> > href=
> > > >>> > >>
> > > https://www.oracle.com/technetwork/java/javase/downloads/index.html
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > The OpenSSL Project
> > > >>> > >> >
> > > >>> > >> > title=Designed to use General Purpose cryptography
library
> > > >>> included
> > > >>> > with
> > > >>> > >> >
> > > >>> > >> > OpenSSL
> > > >>> > >> >
> > > >>> > >> > href=https://www.openssl.org/source/
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Microsoft
> > > >>> > >> >
> > > >>> > >> > title=Designed to use .NET Framework Cryptography
Model
> > > >>> > >> >
> > > >>> > >> > href=https://dotnet.microsoft.com/download
> > > >>> > >> >
> > > >>> > >> > >>>>>>
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Open questions:
> > > >>> > >> >
> > > >>> > >> > 1) Declaring older versions of Ignite.
> > > >>> > >> >
> > > >>> > >> > 2) Is it correct to mention that Ignite uses
.NET core
> > > controlled
> > > >>> by
> > > >>> > >> .NET
> > > >>> > >> >
> > > >>> > >> > Foundation? E.g. as follows:
> > > >>> > >> >
> > > >>> > >> > (controlled by)
> > > >>> > >> >
> > > >>> > >> > .NET Foundation
> > > >>> > >> >
> > > >>> > >> > title=Designed to use .NET Framework Cryptography
Model
> > > >>> > >> >
> > > >>> > >> > href=https://dotnetfoundation.org/projects
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Should it go instead of Microsoft? Should we
mention .NET
> code
> > > in
> > > >>> > >> addition
> > > >>> > >> >
> > > >>> > >> > to Microsoft?
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > Sincerely,
> > > >>> > >> >
> > > >>> > >> > Dmitriy Pavlov
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn
<
> > > ptupitsyn@apache.org
> > > >>> >:
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> > > Hi Denis,
> > > >>> > >> >
> > > >>> > >> > >
> > > >>> > >> >
> > > >>> > >> > > Ignite.NET uses .NET Framework Standard
Library for all
> > > >>> security and
> > > >>> > >> >
> > > >>> > >> > > cryptographic related code. There are
no dependencies on
> > > >>> external
> > > >>> > >> >
> > > >>> > >> > > libraries.
> > > >>> > >> >
> > > >>> > >> > >
> > > >>> > >> >
> > > >>> > >> > > Thanks
> > > >>> > >> >
> > > >>> > >> > >
> > > >>> > >> >
> > > >>> > >> > > ср, 12 июн. 2019 г., 21:07 Denis
Magda <dmagda@apache.org
> >:
> > > >>> > >> >
> > > >>> > >> > >
> > > >>> > >> >
> > > >>> > >> > > > Igniters,
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > Regardless of the fact that Ignite
is an open source
> > > >>> software, ASF
> > > >>> > >> as
> > > >>> > >> > an
> > > >>> > >> >
> > > >>> > >> > > > entity based in the U.S. has to comply
with certain
> > > exporting
> > > >>> > >> > regulations
> > > >>> > >> >
> > > >>> > >> > > > [1].
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > Dmitry Pavlov and I are working on
adding Ignite to the
> > > table
> > > >>> [2]
> > > >>> > of
> > > >>> > >> >
> > > >>> > >> > > > projects allowed for export and might
need the
> assistance
> > of
> > > >>> some
> > > >>> > of
> > > >>> > >> > you.
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > Here is a list of cryptographic functions
used by Ignite
> > > (and
> > > >>> > >> provided
> > > >>> > >> > by
> > > >>> > >> >
> > > >>> > >> > > > a 3rd party vendor):
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > >    1. JDK SSL/TLS libraries if a
user wishes to enable
> > > secured
> > > >>> > >> >
> > > >>> > >> > > >    connectivity between cluster nodes.
Manufacturer -
> > > >>> > >> Oracle/OpenJDK (
> > > >>> > >> >
> > > >>> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
> > > >>> > >> >
> > > >>> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption
from the Java
> > > >>> libraries
> > > >>> > >> for
> > > >>> > >> >
> > > >>> > >> > > >    transparent data encryption of
data on disk (
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > https://apacheignite.readme.io/docs/transparent-data-encryption)
> > > >>> > >> >
> > > >>> > >> > > >    3. Libraries/vendors for .NET
nodes security?* Pavel
> > > >>> Tupitsyn*,
> > > >>> > >> > could
> > > >>> > >> >
> > > >>> > >> > > >    you check?
> > > >>> > >> >
> > > >>> > >> > > >    4. Libraries/vendors for C++ clients
security (SSL,
> > TLS,
> > > >>> > anything
> > > >>> > >> >
> > > >>> > >> > > >    else?). *Igor Sapego*, could you
please check?
> > > >>> > >> >
> > > >>> > >> > > >    5. Libraries/vendors for Python,
PHP, Node.JS
> SSL/TLS?
> > > >>> *Dear
> > > >>> > thin
> > > >>> > >> >
> > > >>> > >> > > >    client contributors*, please facilitate.
> > > >>> > >> >
> > > >>> > >> > > >    6. Anything else missing from
the list? We don't have
> > any
> > > >>> > custom
> > > >>> > >> >
> > > >>> > >> > > >    crypto features, right?
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > All of these usages/integrations
have to comply with the
> > > >>> following
> > > >>> > >> >
> > > >>> > >> > > > checklist [3] before I, as a PMC
Chair, submit a notice
> to
> > > >>> Export
> > > >>> > >> >
> > > >>> > >> > > > Administration Regulations of the
U.S.A.
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > [1] http://www.apache.org/licenses/exports/
> > > >>> > >> >
> > > >>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
> > > >>> > >> >
> > > >>> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > > > -
> > > >>> > >> >
> > > >>> > >> > > > Denis
> > > >>> > >> >
> > > >>> > >> > > >
> > > >>> > >> >
> > > >>> > >> > >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >> >
> > > >>> > >>
> > > >>> > >
> > > >>> >
> > > >>>
> > > >>
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message