pulsar-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <dave2w...@comcast.net>
Subject Re: Pulsar encryption, Bouncycastle and export license page
Date Mon, 25 Sep 2017 21:58:13 GMT
Hi Matteo,

> On Sep 25, 2017, at 1:20 PM, Matteo Merli <mmerli@apache.org> wrote:
> Hi Dave,
> thanks for chiming in. I and Joe have been reading along the document for
> handling crypto code at http://www.apache.org/dev/crypto.html
> My brief understanding of it is that:
> * We should have started before committing the code (though we didn't know
> about it :( )

No worries we are doing it now.

> * There is a mail that has to be sent to US gov for notification.

I’ll take care of it once we update the exports page.

> * The project needs to be listed in the ASF "exports” page

I can do this too. See my recent email.

> * The actions are to be taken from someone in the project PMC and I am
> assuming in this case that would be the Incubator PMC.

Yes. IPMC and I can do it.

> * We shouldn't need to wait from any confirmation from US gov, once the
> notification is sent and the ASF page updated, we should in theory good to
> commit the code (..ahem..) and make a release.


> Are my statements correct?



> Thank you,
> Matteo
> On Thu, Sep 21, 2017 at 7:54 PM Dave Fisher <dave2wave@comcast.net> wrote:
>> Hi Joe,
>> This is a good catch. I am traveling this week and can help with the
>> filing on Monday unless one of the other mentors can do so tomorrow.
>> Regards,
>> Dave
>> Sent from my iPhone
>>> On Sep 21, 2017, at 8:36 PM, Joe F <joefrancisk@gmail.com> wrote:
>>> Hi Mentors,
>>> As I was going through  the license verification for the next release
>>> (1.20) , I happened to see this
>>> http://www.apache.org/licenses/exports/  (which I'm calling the export
>>> license page)
>>> Pulsar 1.20 release introduces encryption (as an optional feature), and
>> it
>>> uses Bouncycastle, and  we were planning on including the Bouncy* jars in
>>> the binary.
>>> Many Apache projects using Bouncycastle as listed on the export license
>>> page. Do we need to list it Pulsar on  the export license  page now? If
>> so,
>>> how do we get it into there?
>>> Or should we just remove the BouncyCastle jars  from the distribution and
>>> leave it optional,  letting  users install it  if needed?  Users will
>> need
>>> to install it for building Pulsar from source.  They wont need it for
>>> running Pulsar, unless they use encryption.
>>> What's the guidance on this?
>>> Cheers,
>>> Joe
>> --
> Matteo Merli
> <mmerli@apache.org>

View raw message