On Sun, Aug 26, 2012 at 12:42 AM, Ewan Mellor <[email protected]> wrote: >> -----Original Message----- >> From: David Nalley [mailto:[email protected]] >> Sent: 25 August 2012 08:30 >> To: [email protected] >> Subject: Consensus around cryptography/export control issues >> >> Hi folks, >> >> I am willing to own the crypto reporting stuff, but..... before I begin, I >> want to >> make sure we have a good understanding of what specifically we are >> declaring. >> >> So - my perception/understanding is that: >> >> The CloudStack source code release will contain no crypto inherently. >> >> The convenience binaries that we produce will have Bouncy Castle - the >> systemVMs will have openswan, etc, and a build itself depends on libraries >> like bouncy castle. >> >> So first am I missing anything? Is there any actual crypto in the source repo >> that I am not aware of? >> >> The ASF's guidelines on this are here: >> http://www.apache.org/dev/crypto.html for those of you wanting some >> light weekend reading. > > Citrix should have done all of this for their last few releases. I suggest > you ask Will / Kevin. You should be able to copy their declaration. > > Cheers, > > Ewan. >
David, We should include ASF, Bouncy Castle and JCraft on the export page. I didn't find any others (but might have missed something). -chip
