river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Brouwer <mark.brou...@cheiron.org>
Subject Handling Cryptography within an ASF Release
Date Thu, 30 Aug 2007 07:49:49 GMT
Based on a posting passing by in general@incubator.apache.org related to
a project using cryptographic functions, I'm utterly confused. I quote
from a Board Meeting that has been posted to that list:

"In the long term, using rat or similar scanning to pick up any
crypto dependencies would be helpful. But that doesn't relieve
any projects from complying with the export notification policy.

It seems that this process will need tweaking for Incubation
projects since (at the moment) we use per-project data collection,
and all of incubator falls under a single project.

We should probably make this part of the entry requirements for
a project so that the issue is noted long before files exist in

This is different as it appears to me from what has been discussed
before here when I raised a similar question, where it was stated by
Geir that we only need to take care of this at release time.

How I read the Board note and the FAQ at
http://www.apache.org/dev/crypto.html it seems we had to notify the U.S.
Government already of the JTSK codebase entering SVN.

Any comments?

View raw message