On 01/09/2013 02:43 PM, Philip Martin wrote:
> Ben Reser <ben@reser.org> writes:
>
>> On Wed, Jan 9, 2013 at 10:46 AM, C. Michael Pilato <cmpilato@collab.net> wrote:
>>> Some time ago, I (and other Subversion devs) began some work toward adding
>>> support in Apache Subversion for an encrypted authenication credentials
>>> store -- basically, a client-side place to stuff login creds used for
>>> accessing Subversion servers. Along the way, I started wondering if this
>>> work would fall under the restrictions placed on export of software by the
>>> U.S. I got some IANAL-type advice to the effect that our usage was fine and
>>> uncontrolled/unrestricted, but I'd really rather that we have our i's dotted
>>> and t's crossed on this.
>>
>> One detail that may be important here is that there is no actual
>> encryption code in Apache Subversion, but rather but calls into the
>> encryption code that APR has.
>
> According to the FAQ:
>
> http://www.apache.org/dev/crypto.html#faq
>
> The less obvious example, is the point at which a subversion
> repository starts to include code that is specially designed to work
> with any other 5D002 item
>
> Subversion is designed to work with APR and APR-Util, which are 5D002
> items according to http://www.apache.org/licenses/exports/, so under the
> old rules Subversion should be a 5D002 item as well.
>
> Perhaps I'm misunderstanding things, but according to the old rules
> adding an encrypted credentials store doesn't change anything since
> Subversion should already be under the restrictions.
My understanding (which is so extremely limited on this topic!) per
http://www.apache.org/dev/crypto.html#notify is that, under the old rules,
Subversion would still need to notify about the use of the crypto technology.
--
C. Michael Pilato <cmpilato@collab.net>
CollabNet <> www.collab.net <> Enterprise Cloud Development
|