pulsar-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matteo Merli <mme...@apache.org>
Subject Re: Pulsar encryption, Bouncycastle and export license page
Date Mon, 25 Sep 2017 22:27:49 GMT
The exact BouncyCastle JAR that is going to be fetched during the build
would be :

http://repo2.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.55/bcpkix-jdk15on-1.55.jar

And for Pulsar source code, should we just list the git repo at
https://github.com/apache/incubator-pulsar ?




On Mon, Sep 25, 2017 at 1:32 PM Dave Fisher <dave2wave@comcast.net> wrote:

> Hi Joe,
>
> I can help submit the form to the government and make the changes to the
> ECCN pageā€¦
>
> To make the update I need to know the hrefs below:
>
> <Product>
> <Name>Apache Pulsar</Name>
> <Version>
> <Names>Versions 1.20 and greater</Names>
> <ECCN>5D002</ECCN>
> <ControlledSource href="https://pulsar trunk">
> <Manufacturer>ASF</Manufacturer>
> <Why>
> Designed for use with the Bouncy Castle enryption libraries.
> </Why>
> </ControlledSource>
> <ControlledSource href="https://path.to.pulsars.bouncy-castle.jar">
> <Manufacturer>Bouncy Castle</Manufacturer>
> <Why>General-purpose encryption library</Why>
> </ControlledSource>
> </Version>
> </Product>
>
> Regards,
> Dave
>
>
> On Sep 21, 2017, at 7:54 PM, Dave Fisher <dave2wave@comcast.net> wrote:
>
> Hi Joe,
>
> This is a good catch. I am traveling this week and can help with the
> filing on Monday unless one of the other mentors can do so tomorrow.
>
> Regards,
> Dave
>
> Sent from my iPhone
>
> On Sep 21, 2017, at 8:36 PM, Joe F <joefrancisk@gmail.com> wrote:
>
> Hi Mentors,
>
> As I was going through  the license verification for the next release
> (1.20) , I happened to see this
> http://www.apache.org/licenses/exports/  (which I'm calling the export
> license page)
>
> Pulsar 1.20 release introduces encryption (as an optional feature), and it
> uses Bouncycastle, and  we were planning on including the Bouncy* jars in
> the binary.
>
> Many Apache projects using Bouncycastle as listed on the export license
> page. Do we need to list it Pulsar on  the export license  page now? If so,
> how do we get it into there?
>
> Or should we just remove the BouncyCastle jars  from the distribution and
> leave it optional,  letting  users install it  if needed?  Users will need
> to install it for building Pulsar from source.  They wont need it for
> running Pulsar, unless they use encryption.
>
> What's the guidance on this?
>
> Cheers,
> Joe
>
>
>
> --
Matteo Merli
<mmerli@apache.org>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message