turbine-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Turbine Wiki] Update of "BoardReport-February2008" by ScottEade
Date Wed, 12 Nov 2008 12:18:14 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Turbine Wiki" for change notification.

The following page has been changed by ScottEade:

- == Apache Turbine Project Board Report, February 2008 ==
+ deleted
- === Status ===
- There has been good progress towards resolving the outstanding ECCN issues within the Turbine
project.  See below for details.
- The final tasks relating to Turbine becoming a TLP have ''finally'' been completed - the
mirrored downloads and archived releases have been moved from jakarta to turbine directories.
- Other than this the Turbine project continues on with a fairly low level of activity.
- The Turbine project has no board-level issues at this time.
- ==== ECCN Status and activity ====
- While this issue has been highlighted by Bill for the current round of reports, it has been
on our radar for some time now.
- The following areas '''''had''''' the potential to require ECCN registration due to their
use of a "symmetric algorithm employing a key length exceeding 56 bits" and/or because they
"were designed to work with strong cryptographic libraries":
-  1. fulcrum-crypto - used the cryptix library to implement Unix crypt()
-  1. The Crypto Service in Turbine Core, from which fulcrum-crypto was extracted - also used
the cryptix library
-  1. fulcrum-yaafi - supports decryption of strongly encrypted configuration files
-  1. fulcrum-pbe - supports strong encryption/decryption of files
- In particular, the following actions have taken place:
-  * the cryptix dependency has been removed from fulcrum-crypto and Turbine core's Crypto
Service (replaced with org.apache.jetspeed.services.security.ldap.UnixCrypt from the JetSpeed
Portal project). 
-  * the exposed interfaces and underlying implementation of fulcrum-yaafi and fulcrum-pbe
have been modified to ensure that only DES (56 bit key length) can be used (strong encryption
was never used but was available through the exposed interfaces).
- It is our understanding that after our next release of the following components, no aspects
of the Apache Turbine project will require ECCN registration:
-  * fulcrum-crypto-1.0.7 - ETA some time in the next few weeks
-  * turbine-2.3.3 - ETA some time in the next month or so
-  * fulcrum-yaafi-1.0.6 - ETA some time in the next few weeks
-  * fulcrum-pbe-1.0.0 - Not yet a released component so no release required in order to comply.
- === Community changes ===
- No new committers were voted in since the last board report.
- No new PMC members were voted in since the last board report.
- === Turbine core project ===
- The Turbine Core trunk and turbine-site modules have been updated to ASL 2.0 - this was
long overdue and is in preparation for a future release.
- The changes to fulcrum-crypto have been backported to the Crypto Service so as to eliminate
the ECCN registration requirement for Turbine core.
- We are working on releasing Turbine 2.3.3 - this has primarily been waiting on the DB Project's
Torque 3.3 release which is likely to appear in the next couple of weeks.
- No beta or final releases were made since the last board report.
- === Fulcrum component project ===
- Mostly ECCN related activity, but progress on migrating from Maven 1.x to Maven 2.x for
project builds has commenced.
- No beta or final releases were made since the last board report.
- === META project ===
- No beta or final releases were made since the last board report.

To unsubscribe, e-mail: dev-unsubscribe@turbine.apache.org
For additional commands, e-mail: dev-help@turbine.apache.org

View raw message