incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject RE: ECCN cryptography reporting?
Date Tue, 03 May 2016 11:56:10 GMT

MG>hopefully quick answer

> From: stain@apache.org
> Date: Mon, 2 May 2016 17:45:12 +0100
> Subject: Re: ECCN cryptography reporting?
> To: general@incubator.apache.org
> 
> Thanks!
> 
> We did a dependency clean-up (but not upgrade) as part of license
> review. We want to delay some of the upgrades (e.g. to OSGI 5) until
> after getting the first full command line release out as this is what
> pulls together everything in its lib/.
> 
> (Thus this is also why we need to do the encryption review now).
> 
> 
> I used
> 
> mvn dependency:tree -DoutputFile=`pwd`/target/tree.txt -DappendOutput=true
> 
> to check what dependencies we are using across modules - obviously all
> the Apache ones are easy to check against
> http://www.apache.org/licenses/exports/
> 
> but it's harder to check if any of the others are classified or not
> beyond heavy googling - e.g.
> Jetty is apparantly classified according to
> https://dev.eclipse.org/mhonarc/lists/jetty-users/msg05898.html
MG>you can use RAT-REPORTMG>http://creadur.apache.org/rat/apache-rat-plugin/rat-mojo.html
> 
> 
> I wonder if Apache Whisker folks would have any thoughts on how
> generating/checking for encryption export dependencies should be
> simplified - you would think something like a
> META-INF/EXPORT-RESTRICTED in the dependency JARs would work.
> (Although some projects put their encryption classification in NOTICE
> - I understand this is discouraged?)
> 
> 
> Emma seems a bit abandoned (e.g. no Maven 2 plugin) - I know Commons
> now use Cobertura and/or JaCoCo - but perhaps those are better to
> check coverage of your own code rather than the dependencies.
MG>when I first started build/release management 14 years ago I was using Ant so  Clover
was the only code-coverage utilityhttps://confluence.atlassian.com/display/CLOVER/Clover-for-Maven+2+and+3+User's+Guide
MG>emma gained a foothold about 10 years ago when I switched to maven but I also wanted
code-coverage for Aspectj
MG>I asked the contributors how to add AspectJ but i have yet to hear back..MG>this
is sad when the author abandons the project and wont let anyone else update the codehttp://emma.sourceforge.net/maven-emma-plugin/team-list.html
MG>Cobertura has been mentioned continuously by maven devs so I think this is the most
implemented used code-coverage plugin http://cobertura.github.io/cobertura/
> 
> 
> On 2 May 2016 at 11:22, Martin Gainty <mgainty@hotmail.com> wrote:
> > with other apache products to reduce code bloat and reduce deprecated packages you
might want to run
> > maven dependency:treemvn dependency:tree -Dverbose https://maven.apache.org/plugins/maven-dependency-plugin/examples/resolving-conflicts-using-the-dependency-tree.html
> > compare delta(s) with
> > emma code coveragehttp://emma.sourceforge.net/
> > as I have some spare cycles let me know if I can be of any assistance
> > Thanks Stian
> > Martin
> >
> >
> >
> >> From: stain@apache.org
> >> Date: Mon, 2 May 2016 03:23:42 +0100
> >> Subject: ECCN cryptography reporting?
> >> To: general@incubator.apache.org
> >>
> >> Hi,
> >>
> >> Taverna is preparing its cryptography registration for US Export purposes:
> >>
> >> https://cwiki.apache.org/confluence/display/TAVERNADEV/Taverna+Cryptography+review
> >>
> >>
> >> We want to have this sorted before we make the next release candidate
> >> - but we're awaiting LEGAL-250 to see if we can reduce the list of
> >> transitive dependencies in this list - it feels excessive if "anything
> >> that can do https" needs to be listed (that would presumably affect
> >> many more projects)
> >>
> >>
> >> See also http://www.apache.org/dev/crypto.html and already classified
> >> ASF products on http://www.apache.org/licenses/exports/
> >>
> >>
> >>
> >> Formally - would it need to be the Incubator PMC chair sending the
> >> ECCN encryption email?
> >>
> >> I'll let you know when it's ready to send.
> >>
> >> --
> >> Stian Soiland-Reyes
> >> Apache Taverna (incubating), Apache Commons RDF (incubating)
> >> http://orcid.org/0000-0001-9842-9718
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> >> For additional commands, e-mail: general-help@incubator.apache.org
> >>
> >
> 
> 
> 
> -- 
> Stian Soiland-Reyes
> Apache Taverna (incubating), Apache Commons RDF (incubating)
> http://orcid.org/0000-0001-9842-9718
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
> 
 		 	   		  
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message