incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Huxing Zhang <hux...@apache.org>
Subject Re: [VOTE]: Release Apache Dubbo (Incubating) 2.6.2 [RC2]
Date Mon, 04 Jun 2018 07:27:54 GMT
Hi,

On Sun, Jun 3, 2018 at 2:08 PM, Justin Mclean <justin@classsoftware.com> wrote:
> Hi,
>
> +1 (binding). There is an security software export issue that needs looking into and
probably acted on.
>
> I checked:
> - incubating in name
> - signatures and hashed all good
> - DISCLAIMER exists
> - LICENSE and NOTICE correct
> - No unexpected binary files
> - Source files have ASF headers (with a couple of exceptions)
> - Can compile from source
>
> Re including the full text of the guava license as it is boiler plate ALv2 there's no
need to duplicate that in LICENSE. You may want to include as a text file but there’s no
real need IMO.

The included text in LICENSE is not boiler plate ALv2 for guava(there
is just a link to the license), it is a modified version of Apache
license v1.1 for hessian-lite.

>
> On minor issue is that some of the pom files still have "Copyright 1999-2011 Alibaba
Group.” in them this should be updated.
>
> I also just noticed that hessian lite (bundled in the source code) includes some encryption
code. (See files X509Encryption.java and X509Signature.java.) It’s likely that the PPMC
will need to go though this process [1] but I cannot say for sure as I don’t know US regulation
on this well. What’s required is to register the software for export and add a warning that
the code contains encryption software to the README. Note that instruction on that page may
be out of date. Here’s the ASF export list for comparison. [2]
>
> I’m struct by a sense of irony that software that’s been mostly developed in China
may need an US export license to be used in China when hosted for distribution at the ASF.
:-)
>
> Thanks,
> Justin
>
> 1. http://www.apache.org/dev/crypto.html
> 2. http://www.apache.org/licenses/exports/
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>

-- 
Best Regards!
Huxing

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message