www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Henri Yandell <bay...@apache.org>
Subject Re: ECCN for bundles in a binary convenience package
Date Thu, 07 Apr 2016 05:02:30 GMT
If it contains crypto implementations, I think we should ask the 3rd party
project for their ECCN information.

Hen

On Sat, Apr 2, 2016 at 9:58 PM, Alex Harui <aharui@adobe.com> wrote:

>
>
> On 4/2/16, 3:30 PM, "Justin Mclean" <justin@classsoftware.com> wrote:
>
> >Hi,
> >
> >Wouldn't the ECCN number be 5D002 just like encryption code in other ASF
> >projects. [1]
>
> I have no idea.  I've been unable to make sense of the documentation I've
> read.  For example [2] implies that there can be some "exception" assigned
> by BIS.  Maybe Google has one?  It seems puzzling that anyone can post
> some of these encryption implementations on Github without running afoul
> of US rules.  Are certain countries blocked from GitHub somehow?
>
> That is why, IMO, it is best to put the onus on getting the upstream
> documentation on the upstream community.  It isn't clear how much time and
> effort ASF PMCs should spend on verifying third-party bundles.  Where does
> the trust end?
>
> -Alex
>
> [2]
> http://searchsecurity.techtarget.com/answer/What-are-the-export-limitations
> -for-AES-data-encryption
>
> >
> >Thanks,
> >Justin
> >
> >1. http://www.apache.org/licenses/exports/
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> >For additional commands, e-mail: legal-discuss-help@apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
>

Mime
View raw message