Export control disclaimer in README

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Export control disclaimer in README

Mike Walch-2
The Accumulo README.md[1] has an export control disclaimer. Does anyone
know the reasoning for it? Would anyone be opposed if it was removed?

[1]: https://github.com/apache/accumulo/blob/master/README.md
Reply | Threaded
Open this post in threaded view
|

Re: Export control disclaimer in README

Mike Drob-4
We need it for the crypto libraries used for encryption at rest stuff. If
you want to remove the disclaimer then you have to tear out those pieces as
well.

Maybe this is not necessary any more with java 8 and changed default
security policies? Would be good to check with Apache Legal before making
changes.

On Mon, Apr 2, 2018 at 10:01 PM, Mike Walch <[hidden email]> wrote:

> The Accumulo README.md[1] has an export control disclaimer. Does anyone
> know the reasoning for it? Would anyone be opposed if it was removed?
>
> [1]: https://github.com/apache/accumulo/blob/master/README.md
>
Reply | Threaded
Open this post in threaded view
|

Re: Export control disclaimer in README

Christopher Tubbs-2
ASF policy seems to require the text in the README:
http://www.apache.org/dev/crypto.html#inform (not a legal requirement, just
an ASF one)

On Mon, Apr 2, 2018 at 6:06 PM Mike Drob <[hidden email]> wrote:

> We need it for the crypto libraries used for encryption at rest stuff. If
> you want to remove the disclaimer then you have to tear out those pieces as
> well.
>
> Maybe this is not necessary any more with java 8 and changed default
> security policies? Would be good to check with Apache Legal before making
> changes.
>
> On Mon, Apr 2, 2018 at 10:01 PM, Mike Walch <[hidden email]> wrote:
>
> > The Accumulo README.md[1] has an export control disclaimer. Does anyone
> > know the reasoning for it? Would anyone be opposed if it was removed?
> >
> > [1]: https://github.com/apache/accumulo/blob/master/README.md
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Export control disclaimer in README

Mike Walch-2
In reply to this post by Mike Drob-4
The reason I asked this question is I don't see any crypto-related jars in
the binay distribution of Accumulo
and I don't think our source contains any cryptographic software. Does
anyone know of any case where
we include cryptographic software in the source or binary distribution?

While Accumulo can be used with crypto libraries to encrypt data at rest,
it looks like we don't distribute
any cryptographic software so I would think the disclaimer could be
removed.

On Mon, Apr 2, 2018 at 6:06 PM, Mike Drob <[hidden email]> wrote:

> We need it for the crypto libraries used for encryption at rest stuff. If
> you want to remove the disclaimer then you have to tear out those pieces as
> well.
>
> Maybe this is not necessary any more with java 8 and changed default
> security policies? Would be good to check with Apache Legal before making
> changes.
>
> On Mon, Apr 2, 2018 at 10:01 PM, Mike Walch <[hidden email]> wrote:
>
> > The Accumulo README.md[1] has an export control disclaimer. Does anyone
> > know the reasoning for it? Would anyone be opposed if it was removed?
> >
> > [1]: https://github.com/apache/accumulo/blob/master/README.md
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Export control disclaimer in README

Billie Rinaldi-2
The instructions say "PMCs considering including cryptographic
functionality within their products or specially designing their products
to use other software with cryptographic functionality should take the
following steps." It seems like we fall under the "specially designed"
category.

On Tue, Apr 3, 2018 at 8:58 AM, Mike Walch <[hidden email]> wrote:

> The reason I asked this question is I don't see any crypto-related jars in
> the binay distribution of Accumulo
> and I don't think our source contains any cryptographic software. Does
> anyone know of any case where
> we include cryptographic software in the source or binary distribution?
>
> While Accumulo can be used with crypto libraries to encrypt data at rest,
> it looks like we don't distribute
> any cryptographic software so I would think the disclaimer could be
> removed.
>
> On Mon, Apr 2, 2018 at 6:06 PM, Mike Drob <[hidden email]> wrote:
>
> > We need it for the crypto libraries used for encryption at rest stuff. If
> > you want to remove the disclaimer then you have to tear out those pieces
> as
> > well.
> >
> > Maybe this is not necessary any more with java 8 and changed default
> > security policies? Would be good to check with Apache Legal before making
> > changes.
> >
> > On Mon, Apr 2, 2018 at 10:01 PM, Mike Walch <[hidden email]> wrote:
> >
> > > The Accumulo README.md[1] has an export control disclaimer. Does anyone
> > > know the reasoning for it? Would anyone be opposed if it was removed?
> > >
> > > [1]: https://github.com/apache/accumulo/blob/master/README.md
> > >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: Export control disclaimer in README

Mike Walch-2
I agree that we fall under the "specially designed" category so the
disclaimer makes sense.  Thanks Billie!

On Tue, Apr 3, 2018 at 12:12 PM, Billie Rinaldi <[hidden email]>
wrote:

> The instructions say "PMCs considering including cryptographic
> functionality within their products or specially designing their products
> to use other software with cryptographic functionality should take the
> following steps." It seems like we fall under the "specially designed"
> category.
>
> On Tue, Apr 3, 2018 at 8:58 AM, Mike Walch <[hidden email]> wrote:
>
> > The reason I asked this question is I don't see any crypto-related jars
> in
> > the binay distribution of Accumulo
> > and I don't think our source contains any cryptographic software. Does
> > anyone know of any case where
> > we include cryptographic software in the source or binary distribution?
> >
> > While Accumulo can be used with crypto libraries to encrypt data at rest,
> > it looks like we don't distribute
> > any cryptographic software so I would think the disclaimer could be
> > removed.
> >
> > On Mon, Apr 2, 2018 at 6:06 PM, Mike Drob <[hidden email]> wrote:
> >
> > > We need it for the crypto libraries used for encryption at rest stuff.
> If
> > > you want to remove the disclaimer then you have to tear out those
> pieces
> > as
> > > well.
> > >
> > > Maybe this is not necessary any more with java 8 and changed default
> > > security policies? Would be good to check with Apache Legal before
> making
> > > changes.
> > >
> > > On Mon, Apr 2, 2018 at 10:01 PM, Mike Walch <[hidden email]> wrote:
> > >
> > > > The Accumulo README.md[1] has an export control disclaimer. Does
> anyone
> > > > know the reasoning for it? Would anyone be opposed if it was removed?
> > > >
> > > > [1]: https://github.com/apache/accumulo/blob/master/README.md
> > > >
> > >
> >
>