www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrus Adamchik <aadamc...@apache.org>
Subject Re: Apache Cayenne adding data encryption - how to stay compliant
Date Wed, 19 Mar 2014 06:08:00 GMT
Thanks Kevan. I guess we’ll follow the precedent described on the site, unless someone else
tells us not to.


On Mar 19, 2014, at 2:00 AM, Kevan Miller <kevan.miller@gmail.com> wrote:

> On Mon Mar 17 2014 at 7:26:34 AM, Andrus Adamchik <aadamchik@apache.org>
> wrote:
>> Hi legal-discuss,
>> We (the Apache Cayenne project) are working on a pluggable transparent
>> mechanism that will allow users to store certain columns in RDBMS in an
>> encrypted form [1]. The basic code is already committed (using ROT13
>> "encryption" as a proof of concept), and now we are approaching a point
>> when we write the code that will manage real ciphers using JCE (Java
>> Cryptography Extension) API. Cayenne itself will not contain any
>> cryptographic algorithms per se, but it will be specifically designed to
>> work with such algorithms provided by Java.
>> So what do we need to do to stay compliant with US export regulations? I
>> am checking the relevant page on our site [2], which has this note:
>> "the regulations covering US export control laws for encryption were
>> changed on June 25th 2010. This page describes the previous process. Until
>> an updated version has been drawn up and approved by the Apache VP Legal
>> Affairs, projects should check with the legal-discuss list before
>> proceeding."
>> So what is the current procedure?
> IIRC, the last several requests have been passed by Sam to counsel. And the
> response has always been follow the process described on that web page. Not
> sure if Jim wants to follow a different process...
> I don't know why that page was updated in the first place and I'm not
> really up-to-speed with export control laws.
> --kevan

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message