ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dmitriy Pavlov <dpav...@apache.org>
Subject Re: Signing off Ignite for export beyond the U.S.
Date Wed, 19 Jun 2019 11:05:08 GMT
Hi Denis,

Build process seems to be mentioned only here
https://www.apache.org/dev/crypto.html#sources It also mentions some
bisnotice XSLT transformation, which is available at SVN here
https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/

For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from
https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/
is more appropriate. I will test it locally.

The only thing I've found for now is the following scripts at the root of
SVN here https://svn.apache.org/repos/asf/infrastructure/site/trunk/
bisnotice.cmd
bisnotice.sh

Sincerely,
Dmitriy Pavlov

ср, 19 июн. 2019 г. в 01:40, Denis Magda <dmagda@apache.org>:

> Dmitriy,
>
> I think that it's required to enlist all of the publicly released Ignite
> versions (available for download from the website). It means that the XML
> should have the following controlled sources grouped by Ignite versions'
> ranges.
>
>    - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse Foundation
>    - Ignite 1.5.0 and later: all of the controller versions listed by you.
>
> Not sure about JCraft only. What was the first Ignite version the lib was
> added to?
>
> As for .NET versions declarations, I'm for the way it handled right now by
> you. Btw, do you know where ASF explains the website build process? Failed
> to find it, it's not enough just to update the XML.
>
> Finally, looping in Garrett who can help with the editorial review.
> Garrett, could you please review README.txt from this pull-request?
>
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
>
>
> -
> Denis
>
>
> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <dpavlov@apache.org> wrote:
>
> > Igniters,
> >
> > please review crypto notice in
> >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29
> >
> > Only 2 open questions: about declaring released versions, and about
> > declaring .NET versions (.NET Core & . NET Classic). By default, I
> propose
> > to keep both.
> >
> > Sincerely,
> > Dmitriy Pavlov
> >
> > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <dpavlov@apache.org>:
> >
> > > Pavel,
> > >
> > > we need to follow the process from
> > > https://www.apache.org/dev/crypto.html#classify
> > >
> > > Please see similar products in the draft export matrix,
> > >
> > >
> >
> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7
> > >
> > >
> > > We don't ship JDK, but we designed our product to use a cryptographic
> > > feature from this 3rd party product, so we need to follow this process
> > and
> > > provide matrix update, add CRYPTO notice (I'll draft it).
> > >
> > > Other products don't declare all possible JDKs -
> > > http://www.apache.org/licenses/exports/#matrix So, probably, one
> > > declaration of .NET classic (Microsoft) would be enough.
> > >
> > > Sincerely,
> > > Dmitriy Pavlov
> > >
> > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <ptupitsyn@apache.org>:
> > >
> > >> >>Should it go instead of Microsoft? Should we mention .NET code
in
> > >> addition
> > >>
> > >> >>to Microsoft?
> > >>
> > >>
> > >>
> > >> >Yes, I think we can do this. Ignite targets both of the them. And
> .NET
> > >> Core uses it’s own implementation of standard class library[1]
> > >>
> > >> >Pavel may correct me.
> > >>
> > >>
> > >> We use crypto APIs from standard class library. We ship our binaries,
> > but
> > >> we don't ship the framework binaries.
> > >>
> > >> Our binaries can be executed with .NET Core (open-source, MIT
> license),
> > >> Mono (open-source, MIT license), and .NET Classic (old framework,
> > >> Windows-only, Microsoft license).
> > >>
> > >> I'm still not sure what is the question we are trying to answer,
> though.
> > >>
> > >>
> > >> Thanks,
> > >>
> > >> Pavel
> > >>
> > >>
> > >>
> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <lexwert@gmail.com>
> > >> wrote:
> > >>
> > >> > >1) Declaring older versions of Ignite.
> > >> >
> > >> > >2) Is it correct to mention that Ignite uses .NET core controlled
> by
> > >> .NET
> > >> >
> > >> > >Foundation? E.g. as follows:
> > >> >
> > >> > >(controlled by)
> > >> >
> > >> > >.NET Foundation
> > >> >
> > >> > >title=Designed to use .NET Framework Cryptography Model
> > >> >
> > >> > >href=https://dotnetfoundation.org/projects
> > >> >
> > >> >
> > >> >
> > >> > >Should it go instead of Microsoft? Should we mention .NET code
in
> > >> addition
> > >> >
> > >> > >to Microsoft?
> > >> >
> > >> >
> > >> >
> > >> > Yes, I think we can do this. Ignite targets both of the them. And
> .NET
> > >> > Core uses it’s own implementation of standard class library[1]
> > >> >
> > >> > Pavel may correct me.
> > >> >
> > >> >
> > >> >
> > >> > [1] https://github.com/dotnet/corefx
> > >> >
> > >> >
> > >> >
> > >> > *From: *Dmitriy Pavlov <dpavlov@apache.org>
> > >> > *Sent: *Monday, June 17, 2019 4:35 PM
> > >> > *To: *dev <dev@ignite.apache.org>
> > >> > *Cc: *Denis Magda <dmagda@apache.org>; Igor Sapego <
> > isapego@apache.org>;
> > >> Pavel
> > >> > Petroshenko <p@nobitlost.com>; Nikolay Izhikov <nizhikov@apache.org
> >
> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S.
> > >> >
> > >> >
> > >> >
> > >> > Thanks, Pavel!
> > >> >
> > >> >
> > >> >
> > >> > Denis, Pavel, Igniters, please review the following proposal:
> > >> >
> > >> >
> > >> >
> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage.
> > >> >
> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE usage.
> > >> >
> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage.
> > >> >
> > >> > - TDE to be declared as JCA/JCE
> > >> >
> > >> >
> > >> >
> > >> > Export matrix data to be published in ASF-level SVN:
> > >> >
> > >> > <<<<<
> > >> >
> > >> > Product Name
> > >> >
> > >> > Apache Ignite
> > >> >
> > >> >
> > >> >
> > >> > Versions
> > >> >
> > >> > development
> > >> >
> > >> > 2.7 and later <Earlier versions-TBD?>
> > >> >
> > >> >
> > >> >
> > >> > ECCN
> > >> >
> > >> > 5D002
> > >> >
> > >> >
> > >> >
> > >> > Controlled source
> > >> >
> > >> > ASF
> > >> >
> > >> > title=Designed to use with built-in Java Cryptography Architecture
> > (JCA)
> > >> >
> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git
> > >> >
> > >> >
> > >> >
> > >> > Oracle
> > >> >
> > >> > title=Designed to use with built-in Java encryption libraries (JCE)
> > >> >
> > >> > href=
> > >> https://www.oracle.com/technetwork/java/javase/downloads/index.html
> > >> >
> > >> >
> > >> >
> > >> > The OpenSSL Project
> > >> >
> > >> > title=Designed to use General Purpose cryptography library included
> > with
> > >> >
> > >> > OpenSSL
> > >> >
> > >> > href=https://www.openssl.org/source/
> > >> >
> > >> >
> > >> >
> > >> > Microsoft
> > >> >
> > >> > title=Designed to use .NET Framework Cryptography Model
> > >> >
> > >> > href=https://dotnet.microsoft.com/download
> > >> >
> > >> > >>>>>>
> > >> >
> > >> >
> > >> >
> > >> > Open questions:
> > >> >
> > >> > 1) Declaring older versions of Ignite.
> > >> >
> > >> > 2) Is it correct to mention that Ignite uses .NET core controlled
by
> > >> .NET
> > >> >
> > >> > Foundation? E.g. as follows:
> > >> >
> > >> > (controlled by)
> > >> >
> > >> > .NET Foundation
> > >> >
> > >> > title=Designed to use .NET Framework Cryptography Model
> > >> >
> > >> > href=https://dotnetfoundation.org/projects
> > >> >
> > >> >
> > >> >
> > >> > Should it go instead of Microsoft? Should we mention .NET code in
> > >> addition
> > >> >
> > >> > to Microsoft?
> > >> >
> > >> >
> > >> >
> > >> > Sincerely,
> > >> >
> > >> > Dmitriy Pavlov
> > >> >
> > >> >
> > >> >
> > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <ptupitsyn@apache.org>:
> > >> >
> > >> >
> > >> >
> > >> > > Hi Denis,
> > >> >
> > >> > >
> > >> >
> > >> > > Ignite.NET uses .NET Framework Standard Library for all security
> and
> > >> >
> > >> > > cryptographic related code. There are no dependencies on external
> > >> >
> > >> > > libraries.
> > >> >
> > >> > >
> > >> >
> > >> > > Thanks
> > >> >
> > >> > >
> > >> >
> > >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <dmagda@apache.org>:
> > >> >
> > >> > >
> > >> >
> > >> > > > Igniters,
> > >> >
> > >> > > >
> > >> >
> > >> > > > Regardless of the fact that Ignite is an open source software,
> ASF
> > >> as
> > >> > an
> > >> >
> > >> > > > entity based in the U.S. has to comply with certain exporting
> > >> > regulations
> > >> >
> > >> > > > [1].
> > >> >
> > >> > > >
> > >> >
> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the
table
> [2]
> > of
> > >> >
> > >> > > > projects allowed for export and might need the assistance
of
> some
> > of
> > >> > you.
> > >> >
> > >> > > >
> > >> >
> > >> > > > Here is a list of cryptographic functions used by Ignite
(and
> > >> provided
> > >> > by
> > >> >
> > >> > > > a 3rd party vendor):
> > >> >
> > >> > > >
> > >> >
> > >> > > >    1. JDK SSL/TLS libraries if a user wishes to enable secured
> > >> >
> > >> > > >    connectivity between cluster nodes. Manufacturer -
> > >> Oracle/OpenJDK (
> > >> >
> > >> > > >    https://apacheignite.readme.io/docs/ssltls)
> > >> >
> > >> > > >    2. JDK AES/CBC/PKCS5Padding encryption from the Java
> libraries
> > >> for
> > >> >
> > >> > > >    transparent data encryption of data on disk (
> > >> >
> > >> > > >
> > https://apacheignite.readme.io/docs/transparent-data-encryption)
> > >> >
> > >> > > >    3. Libraries/vendors for .NET nodes security?* Pavel
> Tupitsyn*,
> > >> > could
> > >> >
> > >> > > >    you check?
> > >> >
> > >> > > >    4. Libraries/vendors for C++ clients security (SSL, TLS,
> > anything
> > >> >
> > >> > > >    else?). *Igor Sapego*, could you please check?
> > >> >
> > >> > > >    5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS?
*Dear
> > thin
> > >> >
> > >> > > >    client contributors*, please facilitate.
> > >> >
> > >> > > >    6. Anything else missing from the list? We don't have
any
> > custom
> > >> >
> > >> > > >    crypto features, right?
> > >> >
> > >> > > >
> > >> >
> > >> > > > All of these usages/integrations have to comply with the
> following
> > >> >
> > >> > > > checklist [3] before I, as a PMC Chair, submit a notice
to
> Export
> > >> >
> > >> > > > Administration Regulations of the U.S.A.
> > >> >
> > >> > > >
> > >> >
> > >> > > > [1] http://www.apache.org/licenses/exports/
> > >> >
> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix
> > >> >
> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify
> > >> >
> > >> > > >
> > >> >
> > >> > > >
> > >> >
> > >> > > > -
> > >> >
> > >> > > > Denis
> > >> >
> > >> > > >
> > >> >
> > >> > >
> > >> >
> > >> >
> > >> >
> > >>
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message