pulsar-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sahaya Andrews <andr...@apache.org>
Subject Re: Pulsar encryption, Bouncycastle and export license page
Date Mon, 25 Sep 2017 22:40:03 GMT
In the bouncy castle website, they refer to their ftp website for
previous releases. The corresponding ftp location for the version we
are using would be:
ftp://ftp.bouncycastle.org/pub/release1.55/bcprov-jdk15on-155.jar
ftp://ftp.bouncycastle.org/pub/release1.55/bcprov-jdk15on-155.jar

Andrews.

On Mon, Sep 25, 2017 at 3:27 PM, Matteo Merli <mmerli@apache.org> wrote:
> The exact BouncyCastle JAR that is going to be fetched during the build
> would be :
>
> http://repo2.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.55/bcpkix-jdk15on-1.55.jar
>
> And for Pulsar source code, should we just list the git repo at
> https://github.com/apache/incubator-pulsar ?
>
>
>
>
> On Mon, Sep 25, 2017 at 1:32 PM Dave Fisher <dave2wave@comcast.net> wrote:
>
>> Hi Joe,
>>
>> I can help submit the form to the government and make the changes to the
>> ECCN pageā€¦
>>
>> To make the update I need to know the hrefs below:
>>
>> <Product>
>> <Name>Apache Pulsar</Name>
>> <Version>
>> <Names>Versions 1.20 and greater</Names>
>> <ECCN>5D002</ECCN>
>> <ControlledSource href="https://pulsar trunk">
>> <Manufacturer>ASF</Manufacturer>
>> <Why>
>> Designed for use with the Bouncy Castle enryption libraries.
>> </Why>
>> </ControlledSource>
>> <ControlledSource href="https://path.to.pulsars.bouncy-castle.jar">
>> <Manufacturer>Bouncy Castle</Manufacturer>
>> <Why>General-purpose encryption library</Why>
>> </ControlledSource>
>> </Version>
>> </Product>
>>
>> Regards,
>> Dave
>>
>>
>> On Sep 21, 2017, at 7:54 PM, Dave Fisher <dave2wave@comcast.net> wrote:
>>
>> Hi Joe,
>>
>> This is a good catch. I am traveling this week and can help with the
>> filing on Monday unless one of the other mentors can do so tomorrow.
>>
>> Regards,
>> Dave
>>
>> Sent from my iPhone
>>
>> On Sep 21, 2017, at 8:36 PM, Joe F <joefrancisk@gmail.com> wrote:
>>
>> Hi Mentors,
>>
>> As I was going through  the license verification for the next release
>> (1.20) , I happened to see this
>> http://www.apache.org/licenses/exports/  (which I'm calling the export
>> license page)
>>
>> Pulsar 1.20 release introduces encryption (as an optional feature), and it
>> uses Bouncycastle, and  we were planning on including the Bouncy* jars in
>> the binary.
>>
>> Many Apache projects using Bouncycastle as listed on the export license
>> page. Do we need to list it Pulsar on  the export license  page now? If so,
>> how do we get it into there?
>>
>> Or should we just remove the BouncyCastle jars  from the distribution and
>> leave it optional,  letting  users install it  if needed?  Users will need
>> to install it for building Pulsar from source.  They wont need it for
>> running Pulsar, unless they use encryption.
>>
>> What's the guidance on this?
>>
>> Cheers,
>> Joe
>>
>>
>>
>> --
> Matteo Merli
> <mmerli@apache.org>

Mime
View raw message