www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrus Adamchik <aadamc...@apache.org>
Subject Apache Cayenne adding data encryption - how to stay compliant
Date Mon, 17 Mar 2014 14:25:58 GMT
Hi legal-discuss,

We (the Apache Cayenne project) are working on a pluggable transparent mechanism that will
allow users to store certain columns in RDBMS in an encrypted form [1]. The basic code is
already committed (using ROT13 “encryption” as a proof of concept), and now we are approaching
a point when we write the code that will manage real ciphers using JCE (Java Cryptography
Extension) API. Cayenne itself will not contain any cryptographic algorithms per se, but it
will be specifically designed to work with such algorithms provided by Java. 

So what do we need to do to stay compliant with US export regulations? I am checking the relevant
page on our site [2], which has this note:

"the regulations covering US export control laws for encryption were changed on June 25th
2010. This page describes the previous process. Until an updated version has been drawn up
and approved by the Apache VP Legal Affairs, projects should check with the legal-discuss
list before proceeding.”

So what is the current procedure?


[1] http://mail-archives.apache.org/mod_mbox/cayenne-dev/201403.mbox/%3C3ED637D3-CE95-46B6-B172-593B9EF31FC1%40objectstyle.org%3E
[2] https://www.apache.org/dev/crypto.html
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message