incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject RE: Request dev help: Info for required crypto export declaration
Date Thu, 01 Sep 2011 23:01:07 GMT
>From <http://www.apache.org/dev/crypto.html> top of page, Overview, second paragraph:

"PMCs considering including cryptographic functionality within their products or specially
designing their products to use other software with cryptographic functionality should take
the following steps *before* placing such code on any ASF server, including commits to subversion"
[*emphasis* mine]

>From <http://incubator.apache.org/guides/mentor.html#crypto-audit>
"Before the code base is committed into an Apache repository, the contribution MUST be checked
and any restricted cryptography reported appropriately."

-----Original Message-----
From: Robert Burrell Donkin [mailto:robertburrelldonkin@gmail.com] 
Sent: Thursday, September 01, 2011 14:01
To: ooo-dev@incubator.apache.org
Subject: Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 9:35 PM, Dennis E. Hamilton
<dennis.hamilton@acm.org> wrote:
> Technically, this was to have been resolved before the code was put up on SVN.  We need
to audit specifically for this rather quickly, and including the places that Rob also identified
(import-export filters and http TLS).

I definitely recommend a full crypto audit but IIRC it's not necessary
before sending the initial notification.

AIUI (from [1] and [2]) all that's needed is a list of the
cryptographic libraries used by OOo. If the results of the full audit
differ then we can just update the details and send an updated
notification.

Robert

[1] http://www.apache.org/dev/crypto.html#sources
[2] http://www.apache.org/licenses/exports/


Mime
View raw message