Dave, To the best of my knowledge, that seems completely correct.
Joe On Mon, Sep 25, 2017 at 1:20 PM, Matteo Merli <mme...@apache.org> wrote: > Hi Dave, > > thanks for chiming in. I and Joe have been reading along the document for > handling crypto code at http://www.apache.org/dev/crypto.html > > My brief understanding of it is that: > * We should have started before committing the code (though we didn't know > about it :( ) > * There is a mail that has to be sent to US gov for notification. > * The project needs to be listed in the ASF "exports" page > > * The actions are to be taken from someone in the project PMC and I am > assuming in this case that would be the Incubator PMC. > * We shouldn't need to wait from any confirmation from US gov, once the > notification is sent and the ASF page updated, we should in theory good to > commit the code (..ahem..) and make a release. > > Are my statements correct? > > Thank you, > Matteo > > On Thu, Sep 21, 2017 at 7:54 PM Dave Fisher <dave2w...@comcast.net> wrote: > > > Hi Joe, > > > > This is a good catch. I am traveling this week and can help with the > > filing on Monday unless one of the other mentors can do so tomorrow. > > > > Regards, > > Dave > > > > Sent from my iPhone > > > > > On Sep 21, 2017, at 8:36 PM, Joe F <joefranc...@gmail.com> wrote: > > > > > > Hi Mentors, > > > > > > As I was going through the license verification for the next release > > > (1.20) , I happened to see this > > > http://www.apache.org/licenses/exports/ (which I'm calling the export > > > license page) > > > > > > Pulsar 1.20 release introduces encryption (as an optional feature), and > > it > > > uses Bouncycastle, and we were planning on including the Bouncy* jars > in > > > the binary. > > > > > > Many Apache projects using Bouncycastle as listed on the export license > > > page. Do we need to list it Pulsar on the export license page now? If > > so, > > > how do we get it into there? > > > > > > Or should we just remove the BouncyCastle jars from the distribution > and > > > leave it optional, letting users install it if needed? Users will > > need > > > to install it for building Pulsar from source. They wont need it for > > > running Pulsar, unless they use encryption. > > > > > > What's the guidance on this? > > > > > > Cheers, > > > Joe > > > > -- > Matteo Merli > <mme...@apache.org> >
