www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Harui <aha...@adobe.com>
Subject Re: ECCN for bundles in a binary convenience package
Date Sun, 03 Apr 2016 04:58:05 GMT


On 4/2/16, 3:30 PM, "Justin Mclean" <justin@classsoftware.com> wrote:

>Hi,
>
>Wouldn't the ECCN number be 5D002 just like encryption code in other ASF
>projects. [1]

I have no idea.  I've been unable to make sense of the documentation I've
read.  For example [2] implies that there can be some "exception" assigned
by BIS.  Maybe Google has one?  It seems puzzling that anyone can post
some of these encryption implementations on Github without running afoul
of US rules.  Are certain countries blocked from GitHub somehow?

That is why, IMO, it is best to put the onus on getting the upstream
documentation on the upstream community.  It isn't clear how much time and
effort ASF PMCs should spend on verifying third-party bundles.  Where does
the trust end?

-Alex

[2] 
http://searchsecurity.techtarget.com/answer/What-are-the-export-limitations
-for-AES-data-encryption

>
>Thanks,
>Justin
>
>1. http://www.apache.org/licenses/exports/
>---------------------------------------------------------------------
>To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>For additional commands, e-mail: legal-discuss-help@apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

Mime
View raw message