www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Neumann <a...@apache.org>
Subject Cryptography audit for Twill
Date Fri, 17 Jan 2014 01:03:06 GMT
Hi,

I am trying to complete the IP clearance for Twill and I am slightly
confused by the cryptography part of that (
https://issues.apache.org/jira/browse/TWILL-28).

Twill does not explicitly contain cryptographic code, except that:

   - It uses java.util.UUID.randomUUID() to generate random ids. This
   method uses "a cryptographically strong pseudo random number generator."
   Since it is part of Java, I assume that is nothing to worry about.
   - It uses Hadoop, which uses encryption. The only thing twill does here
   is store delegation tokens on HDFS and read them back.

So is there anything to do for this? Do I need to add Twill to the export
list at http://www.apache.org/licenses/exports/ ? Do we need to include a
crypto notice in our README? It is not clear to me after reading the
document at http://www.apache.org/dev/crypto.html

Thanks for your help
-Andreas.

Mime
View raw message