www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philip Martin <phi...@codematters.co.uk>
Subject Re: Subversion, encryption, export restrictions, etc.
Date Wed, 09 Jan 2013 19:43:28 GMT
Ben Reser <ben@reser.org> writes:

> On Wed, Jan 9, 2013 at 10:46 AM, C. Michael Pilato <cmpilato@collab.net> wrote:
>> Some time ago, I (and other Subversion devs) began some work toward adding
>> support in Apache Subversion for an encrypted authenication credentials
>> store -- basically, a client-side place to stuff login creds used for
>> accessing Subversion servers.  Along the way, I started wondering if this
>> work would fall under the restrictions placed on export of software by the
>> U.S.  I got some IANAL-type advice to the effect that our usage was fine and
>> uncontrolled/unrestricted, but I'd really rather that we have our i's dotted
>> and t's crossed on this.
>
> One detail that may be important here is that there is no actual
> encryption code in Apache Subversion, but rather but calls into the
> encryption code that APR has.

According to the FAQ:

http://www.apache.org/dev/crypto.html#faq

  The less obvious example, is the point at which a subversion
  repository starts to include code that is specially designed to work
  with any other 5D002 item

Subversion is designed to work with APR and APR-Util, which are 5D002
items according to http://www.apache.org/licenses/exports/, so under the
old rules Subversion should be a 5D002 item as well.

Perhaps I'm misunderstanding things, but according to the old rules
adding an encrypted credentials store doesn't change anything since
Subversion should already be under the restrictions.

-- 
Philip

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message