Hi Suresh, I am vetting all the jar files an i see that layout-1.0.4.jar is under LGPL which is NOT Apache compatible. I see no reason why that jar should be there, the source compiled without the layout-1.0.4.jar so i am guessing it was put there by a mistake.
I ve created a blocker for release and will fix this. AIRAVATA-256 On Wed, Dec 28, 2011 at 1:49 AM, Suresh Marru <[email protected]> wrote: > Hi Chathura, > > I am sorry I am slacking on release more than I expected. I followed the > export control procedures, and tracked progress on - > https://issues.apache.org/jira/browse/AIRAVATA-7. Good to double check, but > my opinion is we are done with required steps for Airavata as per - > http://www.apache.org/dev/crypto.html and added the dependencies to - > http://www.apache.org/licenses/exports/ > > Suresh > > On Dec 28, 2011, at 9:24 AM, Chathura Herath wrote: > >> Hi, >> >> I am with the Apache Airavata incubator project and i am going through >> the release checklist and I want some advice on the export control >> issues related to some security jars. >> >> We have jce-jdk.jar[1] and criptix.jar[2] as dependencies in the >> distribution. >> >> 1) Will US export control w.r.t. cryptographic algorithms will >> prevent us from shipping criptix jar. I ve pasted the license >> agreement in [4]. >> 2) Java jce jar download page explicitly mentions download will be >> for US and Canada only[4]. Does this mean we will not be able to >> package it but rather ask the use to manually provide the jar >> location. >> 3) If we could simply package them as is, Will there be a special >> download disclaimer that we need to add. In that case should we avoid >> mirrors? >> >> I researched usage of these jar in the history and i came across >> (http://mail-archives.apache.org/mod_mbox/turbine-dev/200201.mbox/%[email protected]%3E); >> though it was not clear whether the focus on export license was >> resoled explicitly. >> >> Although with some work we may be able to continue the release without >> these jars in the first release, going forward we will have these jar >> dependencies to interact with Grid Security Infrastructure. Any >> insight/advice/suggestion is greatly appreciated. >> >> Thanks and Happy holidays. >> >> -- >> Chathura Herath Ph.D. >> https://www.cs.indiana.edu/~cherath/ >> http://chathurah.blogspot.com/ >> >> >> >> >> >> >> [1] >> http://docs.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html >> [2]http://sourceforge.net/projects/cryptix-asn1/, http://www.cryptix.org/ >> >> [3]JCE 1.2.2 Software, Jurisdiction Policy files, and Documentation >> >> RESTRICTED TO THE UNITED STATES AND CANADA. If you do not reside in >> the United States or Canada, you will not be able to download this >> software. >> >> [4]Cryptix General License >> >> Copyright (c) 1995-2005 The Cryptix Foundation Limited. >> All rights reserved. >> >> Redistribution and use in source and binary forms, with or without >> modification, are permitted provided that the following conditions are >> met: >> >> 1. Redistributions of source code must retain the copyright notice, >> this list of conditions and the following disclaimer. >> 2. Redistributions in binary form must reproduce the above copyright >> notice, this list of conditions and the following disclaimer in >> the documentation and/or other materials provided with the >> distribution. >> >> THIS SOFTWARE IS PROVIDED BY THE CRYPTIX FOUNDATION LIMITED AND >> CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, >> INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF >> MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. >> IN NO EVENT SHALL THE CRYPTIX FOUNDATION LIMITED OR CONTRIBUTORS BE >> LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >> CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >> SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR >> BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, >> WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE >> OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN >> IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > > > -----BEGIN PGP SIGNATURE----- > > iQIcBAEBAgAGBQJO+rvoAAoJEHmz9P1hfdutOBQP/3isr0SvbyX80xWS10zG+RUx > y8BNMiShGEkJHxdzLNw4ik5QSKshP3symXiPZz1yga1nn428vr+glRsBimd/uXq6 > 3LgcvixlSODFBCc1degB8YqMTKQUCbWkf2mlSfQeC1apWMi/coUljBuYsGR6gOlj > o1O6aSdGiieVbqxAgYKrPBU2wRZiIkxthABV/gTZENysYrVu62jWnBBsFpWsINh2 > +WaGKc9IofEBucp60ENKrtXtBHzX9akytCC+x8VsyoLXMEILq2EA1jvqf5xEh52m > /pYM2qXkAJDuvIqYaJ0QNMjlWb5PmI4saWj7dBkqgWgjw18sO0Y8Rbn9YFh+Y9C3 > MNia6cf4q+Xac5DwjorLtjrybOaS8mOAi7+lqAnM5L/kgw0bi+/9Gup8jDe6W78W > 48FFR6M4d2mRtzhxu+lauuZk50tgDz2nyqkZcTUOpPjzJKK78612MMDXFRW9BKos > a/eYKVGwfTN1Odq8HV3gQL6tSTNrnVQ40cvumn0iXYJ89evB8KNfGVFSZTxpTa+x > EMscbrSMvWU7Ai2eyv0fap/bQpUR7uRiwN23+G0HVvSJPaQdsCPNOZ4yxZEAjrkt > 580dzKvGbsRsqlAX2/bL4OJSdiy/ATBTsWkGGnqGRnzNpW7eHrmMuHAb8O7LXwCI > 5uM4Ag2ljVxe6NlVXSB+ > =yREp > -----END PGP SIGNATURE----- > -- Chathura Herath http://people.apache.org/~chathura/ http://chathurah.blogspot.com/
