Hi, Recently ASF announced[1] a statement regarding US Federal Register Notice of non-US affiliates added to Entity List Ruling. It says:
Open Source projects involving encryption software source code are still required to send a notice of the URL to BIS and NSA to satisfy the "publicly available" notice requirement in EAR § 742.15(b). I want to make sure Dubbo does not involving encryption software. Dubbo has integrated various external softwares which provide the feature to encrypt software, for example: - Netty - Apache Tomcat - Jetty - jetcd I checked the source on Dubbo, and did not found any code that activates the encryption. So basically I think it is safe here. If you found any issues regarding encryption please let me know. We need to send a notice to BIS and NSA. [1] https://blogs.apache.org/foundation/entry/statement-by-the-apache-software -- Best Regards! Huxing
