Also note that there is a TSU Exception, EAR 740.13(e) - Publicly available encryption source code - which the dev/crypto.html page says applies to the ASF.
I think we need to wait for guidance from Legal. On 5 May 2016 at 10:04, Benedikt Ritter <brit...@apache.org> wrote: > Hi, > > Stian Soiland-Reyes <st...@apache.org> schrieb am Mi., 4. Mai 2016 um > 14:35 Uhr: > >> Hi, >> >> Sorry for spotting this.. >> >> >> Apache Commons Crypto is not listed on >> http://www.apache.org/licenses/exports/ - does it need to be? (One >> would assume so..) >> >> Also it was raised that Commons VFS depends on Bouncy Castle/Apache >> Mina/Jetty/SSHD/Hadoop/jsch and has encryption binding for AES128 - >> perhaps that also needs to be listed and registered? >> > > Thank you for pointing this out. I've reported this as > https://issues.apache.org/jira/browse/CRYPTO-54. I'm not involved in VFS, > but I've seen that the discussion about that has already started on the > vote for VFS 2.0 rc1. > > Benedikt > > >> >> >> We only have listed: >> >> Commons Compress >> Commons OpenPGP >> >> >> See guidance on >> http://www.apache.org/dev/crypto.html >> >> >> BTW - I've raised https://issues.apache.org/jira/browse/LEGAL-250 to >> see if merely using a listed source as a Maven <dependency> means you >> also are classified - or if you would need to also bundle the >> dependency's binary (which I think we don't do). >> >> >> >> -- >> Stian Soiland-Reyes >> Apache Taverna (incubating), Apache Commons RDF (incubating) >> http://orcid.org/0000-0001-9842-9718 >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >> For additional commands, e-mail: dev-h...@commons.apache.org >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
