pulsar-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Francis <j...@oath.com.INVALID>
Subject Re: Pulsar encryption, Bouncycastle and export license page
Date Mon, 25 Sep 2017 21:04:09 GMT
Dave,

To the best of my knowledge, that seems completely correct.

Joe

On Mon, Sep 25, 2017 at 1:20 PM, Matteo Merli <mmerli@apache.org> wrote:

> Hi Dave,
>
> thanks for chiming in. I and Joe have been reading along the document for
> handling crypto code at http://www.apache.org/dev/crypto.html
>
> My brief understanding of it is that:
>  * We should have started before committing the code (though we didn't know
> about it :( )
>  * There is a mail that has to be sent to US gov for notification.
>  * The project needs to be listed in the ASF "exports" page
>
>  * The actions are to be taken from someone in the project PMC and I am
> assuming in this case that would be the Incubator PMC.
>  * We shouldn't need to wait from any confirmation from US gov, once the
> notification is sent and the ASF page updated, we should in theory good to
> commit the code (..ahem..) and make a release.
>
> Are my statements correct?
>
> Thank you,
> Matteo
>
> On Thu, Sep 21, 2017 at 7:54 PM Dave Fisher <dave2wave@comcast.net> wrote:
>
> > Hi Joe,
> >
> > This is a good catch. I am traveling this week and can help with the
> > filing on Monday unless one of the other mentors can do so tomorrow.
> >
> > Regards,
> > Dave
> >
> > Sent from my iPhone
> >
> > > On Sep 21, 2017, at 8:36 PM, Joe F <joefrancisk@gmail.com> wrote:
> > >
> > > Hi Mentors,
> > >
> > > As I was going through  the license verification for the next release
> > > (1.20) , I happened to see this
> > > http://www.apache.org/licenses/exports/  (which I'm calling the export
> > > license page)
> > >
> > > Pulsar 1.20 release introduces encryption (as an optional feature), and
> > it
> > > uses Bouncycastle, and  we were planning on including the Bouncy* jars
> in
> > > the binary.
> > >
> > > Many Apache projects using Bouncycastle as listed on the export license
> > > page. Do we need to list it Pulsar on  the export license  page now? If
> > so,
> > > how do we get it into there?
> > >
> > > Or should we just remove the BouncyCastle jars  from the distribution
> and
> > > leave it optional,  letting  users install it  if needed?  Users will
> > need
> > > to install it for building Pulsar from source.  They wont need it for
> > > running Pulsar, unless they use encryption.
> > >
> > > What's the guidance on this?
> > >
> > > Cheers,
> > > Joe
> >
> > --
> Matteo Merli
> <mmerli@apache.org>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message