Return-Path: X-Original-To: apmail-legal-discuss-archive@www.apache.org Delivered-To: apmail-legal-discuss-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2A25F10431 for ; Wed, 19 Mar 2014 06:08:58 +0000 (UTC) Received: (qmail 80415 invoked by uid 500); 19 Mar 2014 06:08:38 -0000 Delivered-To: apmail-legal-discuss-archive@apache.org Received: (qmail 79851 invoked by uid 500); 19 Mar 2014 06:08:36 -0000 Mailing-List: contact legal-discuss-help@apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: Reply-To: legal-discuss@apache.org List-Id: Delivered-To: mailing list legal-discuss@apache.org Received: (qmail 79784 invoked by uid 99); 19 Mar 2014 06:08:32 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Mar 2014 06:08:32 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy includes SPF record at spf.trusted-forwarder.org) Received: from [208.78.103.231] (HELO vorsha.objectstyle.org) (208.78.103.231) by apache.org (qpsmtpd/0.29) with SMTP; Wed, 19 Mar 2014 06:08:24 +0000 Received: (qmail 6625 invoked from network); 19 Mar 2014 06:20:25 -0000 Received: from unknown (HELO ?192.168.1.39?) (212.98.191.4) by vorsha.objectstyle.org with SMTP; 19 Mar 2014 06:20:25 -0000 Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\)) Subject: Re: Apache Cayenne adding data encryption - how to stay compliant From: Andrus Adamchik In-Reply-To: Date: Wed, 19 Mar 2014 09:08:00 +0300 Cc: legal-discuss@apache.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <8916E02D-0D7E-433F-A55D-0A6DC008D077@apache.org> To: private@cayenne.apache.org X-Mailer: Apple Mail (2.1874) X-Virus-Checked: Checked by ClamAV on apache.org Thanks Kevan. I guess we=92ll follow the precedent described on the = site, unless someone else tells us not to. Andrus On Mar 19, 2014, at 2:00 AM, Kevan Miller = wrote: > On Mon Mar 17 2014 at 7:26:34 AM, Andrus Adamchik = > wrote: >=20 >> Hi legal-discuss, >>=20 >> We (the Apache Cayenne project) are working on a pluggable = transparent >> mechanism that will allow users to store certain columns in RDBMS in = an >> encrypted form [1]. The basic code is already committed (using ROT13 >> "encryption" as a proof of concept), and now we are approaching a = point >> when we write the code that will manage real ciphers using JCE (Java >> Cryptography Extension) API. Cayenne itself will not contain any >> cryptographic algorithms per se, but it will be specifically designed = to >> work with such algorithms provided by Java. >>=20 >> So what do we need to do to stay compliant with US export = regulations? I >> am checking the relevant page on our site [2], which has this note: >>=20 >> "the regulations covering US export control laws for encryption were >> changed on June 25th 2010. This page describes the previous process. = Until >> an updated version has been drawn up and approved by the Apache VP = Legal >> Affairs, projects should check with the legal-discuss list before >> proceeding." >>=20 >> So what is the current procedure? >>=20 >=20 > IIRC, the last several requests have been passed by Sam to counsel. = And the > response has always been follow the process described on that web = page. Not > sure if Jim wants to follow a different process... >=20 > I don't know why that page was updated in the first place and I'm not > really up-to-speed with export control laws. >=20 > --kevan --------------------------------------------------------------------- To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org For additional commands, e-mail: legal-discuss-help@apache.org