Hi, Stian Soiland-Reyes <st...@apache.org> schrieb am Mi., 4. Mai 2016 um 14:35 Uhr:
> Hi, > > Sorry for spotting this.. > > > Apache Commons Crypto is not listed on > http://www.apache.org/licenses/exports/ - does it need to be? (One > would assume so..) > > Also it was raised that Commons VFS depends on Bouncy Castle/Apache > Mina/Jetty/SSHD/Hadoop/jsch and has encryption binding for AES128 - > perhaps that also needs to be listed and registered? > Thank you for pointing this out. I've reported this as https://issues.apache.org/jira/browse/CRYPTO-54. I'm not involved in VFS, but I've seen that the discussion about that has already started on the vote for VFS 2.0 rc1. Benedikt > > > We only have listed: > > Commons Compress > Commons OpenPGP > > > See guidance on > http://www.apache.org/dev/crypto.html > > > BTW - I've raised https://issues.apache.org/jira/browse/LEGAL-250 to > see if merely using a listed source as a Maven <dependency> means you > also are classified - or if you would need to also bundle the > dependency's binary (which I think we don't do). > > > > -- > Stian Soiland-Reyes > Apache Taverna (incubating), Apache Commons RDF (incubating) > http://orcid.org/0000-0001-9842-9718 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
