The ASF board has specifically asked every PMC chair to ensure that projects have attended to "Export Classifications" and to mention progress in our next board report, which for us is due in mid-February.
http://www.apache.org/licenses/exports/ and some explanation at http://www.apache.org/dev/crypto.html Stuff like this is not specifically up to me. The Forrest PMC as a whole needs to look out for such issues. I have tried to understand it in the past and thought that it didn't apply to us. However, recently Apache Ant raised an issue on the legal-discuss mail list, related to their (and Ivy's) use of "jsch". Forrest also bundles a jsch binary with our release (see below). http://markmail.org/message/42hdlifw55u7pkhf "Subject: ECCN questions, again, this time Ant" and other threads. Roy's answers are particularly helpful as usual: http://markmail.org/message/gmp52356ne2o4se2 http://markmail.org/message/m3tg3n3y237cblxq If i read things correctly then we need to follow Roy's example for "httpd + openssl". --------------------- Affected code ------------- I have found our use of "jsch" (see below). Please help to find what other affected products that we use. cd $FORREST_HOME find . -name "jsch*.jar" ./tools/ant/lib/jsch-0.1.28.jar ./whiteboard/dispatcher/tools/ant/lib/jsch-0.1.28.jar -David
