www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Harui <aha...@adobe.com>
Subject Re: ECCN for bundles in a binary convenience package
Date Thu, 07 Apr 2016 05:16:47 GMT
Thanks for replying.  What are the risks to the ASF and/or RM for bundling and releasing anyway?
 Especially if no ASF code actually uses the crypto code?  The crypto code is just some of
many files in a huge library.

Thanks,
-Alex

From: Henri Yandell <bayard@apache.org<mailto:bayard@apache.org>>
Reply-To: "legal-discuss@apache.org<mailto:legal-discuss@apache.org>" <legal-discuss@apache.org<mailto:legal-discuss@apache.org>>
Date: Wednesday, April 6, 2016 at 10:02 PM
To: ASF Legal Discuss <legal-discuss@apache.org<mailto:legal-discuss@apache.org>>
Subject: Re: ECCN for bundles in a binary convenience package

If it contains crypto implementations, I think we should ask the 3rd party project for their
ECCN information.

Hen

On Sat, Apr 2, 2016 at 9:58 PM, Alex Harui <aharui@adobe.com<mailto:aharui@adobe.com>>
wrote:


On 4/2/16, 3:30 PM, "Justin Mclean" <justin@classsoftware.com<mailto:justin@classsoftware.com>>
wrote:

>Hi,
>
>Wouldn't the ECCN number be 5D002 just like encryption code in other ASF
>projects. [1]

I have no idea.  I've been unable to make sense of the documentation I've
read.  For example [2] implies that there can be some "exception" assigned
by BIS.  Maybe Google has one?  It seems puzzling that anyone can post
some of these encryption implementations on Github without running afoul
of US rules.  Are certain countries blocked from GitHub somehow?

That is why, IMO, it is best to put the onus on getting the upstream
documentation on the upstream community.  It isn't clear how much time and
effort ASF PMCs should spend on verifying third-party bundles.  Where does
the trust end?

-Alex

[2]
http://searchsecurity.techtarget.com/answer/What-are-the-export-limitations
-for-AES-data-encryption

>
>Thanks,
>Justin
>
>1. http://www.apache.org/licenses/exports/
>---------------------------------------------------------------------
>To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org<mailto:legal-discuss-unsubscribe@apache.org>
>For additional commands, e-mail: legal-discuss-help@apache.org<mailto:legal-discuss-help@apache.org>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org<mailto:legal-discuss-unsubscribe@apache.org>
For additional commands, e-mail: legal-discuss-help@apache.org<mailto:legal-discuss-help@apache.org>


Mime
View raw message