incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Huxing Zhang <>
Subject Re: [VOTE]: Release Apache Dubbo (Incubating) 2.6.2 [RC2]
Date Mon, 04 Jun 2018 07:27:54 GMT

On Sun, Jun 3, 2018 at 2:08 PM, Justin Mclean <> wrote:
> Hi,
> +1 (binding). There is an security software export issue that needs looking into and
probably acted on.
> I checked:
> - incubating in name
> - signatures and hashed all good
> - DISCLAIMER exists
> - LICENSE and NOTICE correct
> - No unexpected binary files
> - Source files have ASF headers (with a couple of exceptions)
> - Can compile from source
> Re including the full text of the guava license as it is boiler plate ALv2 there's no
need to duplicate that in LICENSE. You may want to include as a text file but there’s no
real need IMO.

The included text in LICENSE is not boiler plate ALv2 for guava(there
is just a link to the license), it is a modified version of Apache
license v1.1 for hessian-lite.

> On minor issue is that some of the pom files still have "Copyright 1999-2011 Alibaba
Group.” in them this should be updated.
> I also just noticed that hessian lite (bundled in the source code) includes some encryption
code. (See files and It’s likely that the PPMC
will need to go though this process [1] but I cannot say for sure as I don’t know US regulation
on this well. What’s required is to register the software for export and add a warning that
the code contains encryption software to the README. Note that instruction on that page may
be out of date. Here’s the ASF export list for comparison. [2]
> I’m struct by a sense of irony that software that’s been mostly developed in China
may need an US export license to be used in China when hosted for distribution at the ASF.
> Thanks,
> Justin
> 1.
> 2.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Best Regards!

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message