Return-Path: Delivered-To: apmail-incubator-general-archive@www.apache.org Received: (qmail 33699 invoked from network); 17 Aug 2007 06:42:26 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 17 Aug 2007 06:42:26 -0000 Received: (qmail 76538 invoked by uid 500); 17 Aug 2007 06:42:23 -0000 Delivered-To: apmail-incubator-general-archive@incubator.apache.org Received: (qmail 76052 invoked by uid 500); 17 Aug 2007 06:42:22 -0000 Mailing-List: contact general-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: general@incubator.apache.org Delivered-To: mailing list general@incubator.apache.org Received: (qmail 76041 invoked by uid 99); 17 Aug 2007 06:42:22 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Aug 2007 23:42:22 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of gscokart@gmail.com designates 209.85.198.185 as permitted sender) Received: from [209.85.198.185] (HELO rv-out-0910.google.com) (209.85.198.185) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 17 Aug 2007 06:42:20 +0000 Received: by rv-out-0910.google.com with SMTP id k20so410583rvb for ; Thu, 16 Aug 2007 23:41:59 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=AYltDewedLuh++NccIWRXl9g9LwqMVaCzbUjDnkGEBNLQmeJM3WSEBuOioYDdzC7R8YSlSR+LU9IbJw9Bk0R52eqeyUZ0vccxnseZ3zKEAdm969VRODgdp43dOn0Y6AD/5zAO8zsl+0Hb5gQ4rKt196Mpn9NACMoKR9rmerpDeY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Vw2LQQ6C2C7uvTaWlnSJ4bnE8tsNbL7m7K7RN+297VhNIq7GhiQG81H3ftngiUSrwmNoQ9s+aTAuefy67uvQsSBVxi2SiNOn09zzaMPMXN3d+y02q1m+TY5CdWa/94sWLjW2H4+LBHQNg8on0TJh526sZsJsXznOherbHTam3eo= Received: by 10.115.111.1 with SMTP id o1mr2805064wam.1187332919438; Thu, 16 Aug 2007 23:41:59 -0700 (PDT) Received: by 10.114.103.16 with HTTP; Thu, 16 Aug 2007 23:41:59 -0700 (PDT) Message-ID: Date: Fri, 17 Aug 2007 08:41:59 +0200 From: "Gilles Scokart" To: general@incubator.apache.org Subject: Re: Do we meet the definition of ECCN 5D002 ? In-Reply-To: <5c902b9e0708161419s78363e2ctb1f407e2b10d17f8@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <5c902b9e0708161419s78363e2ctb1f407e2b10d17f8@mail.gmail.com> X-Virus-Checked: Checked by ClamAV on apache.org Couldn't this kind of things be checked by RAT? Also, the crypto.html [1] page is not very referenced. And it is easy to not see it. Couldn't it be referenced more clearly from one of the guideline/policies document, so that that new poddling project are more directly aware of it. [1] http://www.apache.org/dev/crypto.html Gilles 2007/8/16, Justin Erenkrantz : > On 8/16/07, Gilles Scokart wrote: > > I just found [1], and I was wonderiing if we don't fall under the > > definition of ECCN 5D002 for our binary distribution with deps. In > > this distribution we include binaries that support https, sft and ssh (and > > maybe other via vfs). > > If you have any code which directly invokes a dependency which is > covered by 5D002, yes, our policy is you must file a notice. APR had > to file simply because it can optionally link against OpenSSL. > > From the FAQ: > --- > What are examples of when a crypto item is publicly accessible through > ASF servers? > > The obvious example is including something like an OpenSSL binary > within a product distribution from a /dist URL. The less obvious > example, is the point at which a subversion repository starts to > include code that is specially designed to work with any other 5D002 > item, whether that item is ever to be included within a product > distribution or not. In other words, a project should send out a > notification email just after making the decision to include code that > is specially designed to work with crypto APIs but before actually > committing such code. No need to worry about surprise JIRA attachments > with such code -- only the event of committing the code to the ASF > product repository. > --- > > So, sounds like Ivy falls under the latter example. > > HTH. -- justin > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org > For additional commands, e-mail: general-help@incubator.apache.org > > -- Gilles SCOKART --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org For additional commands, e-mail: general-help@incubator.apache.org