Dmitriy, I think that it's required to enlist all of the publicly released Ignite versions (available for download from the website). It means that the XML should have the following controlled sources grouped by Ignite versions' ranges.
- Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse Foundation - Ignite 1.5.0 and later: all of the controller versions listed by you. Not sure about JCraft only. What was the first Ignite version the lib was added to? As for .NET versions declarations, I'm for the way it handled right now by you. Btw, do you know where ASF explains the website build process? Failed to find it, it's not enough just to update the XML. Finally, looping in Garrett who can help with the editorial review. Garrett, could you please review README.txt from this pull-request? https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29 - Denis On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <[email protected]> wrote: > Igniters, > > please review crypto notice in > > https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29 > > Only 2 open questions: about declaring released versions, and about > declaring .NET versions (.NET Core & . NET Classic). By default, I propose > to keep both. > > Sincerely, > Dmitriy Pavlov > > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <[email protected]>: > > > Pavel, > > > > we need to follow the process from > > https://www.apache.org/dev/crypto.html#classify > > > > Please see similar products in the draft export matrix, > > > > > https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7 > > > > > > We don't ship JDK, but we designed our product to use a cryptographic > > feature from this 3rd party product, so we need to follow this process > and > > provide matrix update, add CRYPTO notice (I'll draft it). > > > > Other products don't declare all possible JDKs - > > http://www.apache.org/licenses/exports/#matrix So, probably, one > > declaration of .NET classic (Microsoft) would be enough. > > > > Sincerely, > > Dmitriy Pavlov > > > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <[email protected]>: > > > >> >>Should it go instead of Microsoft? Should we mention .NET code in > >> addition > >> > >> >>to Microsoft? > >> > >> > >> > >> >Yes, I think we can do this. Ignite targets both of the them. And .NET > >> Core uses it’s own implementation of standard class library[1] > >> > >> >Pavel may correct me. > >> > >> > >> We use crypto APIs from standard class library. We ship our binaries, > but > >> we don't ship the framework binaries. > >> > >> Our binaries can be executed with .NET Core (open-source, MIT license), > >> Mono (open-source, MIT license), and .NET Classic (old framework, > >> Windows-only, Microsoft license). > >> > >> I'm still not sure what is the question we are trying to answer, though. > >> > >> > >> Thanks, > >> > >> Pavel > >> > >> > >> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <[email protected]> > >> wrote: > >> > >> > >1) Declaring older versions of Ignite. > >> > > >> > >2) Is it correct to mention that Ignite uses .NET core controlled by > >> .NET > >> > > >> > >Foundation? E.g. as follows: > >> > > >> > >(controlled by) > >> > > >> > >.NET Foundation > >> > > >> > >title=Designed to use .NET Framework Cryptography Model > >> > > >> > >href=https://dotnetfoundation.org/projects > >> > > >> > > >> > > >> > >Should it go instead of Microsoft? Should we mention .NET code in > >> addition > >> > > >> > >to Microsoft? > >> > > >> > > >> > > >> > Yes, I think we can do this. Ignite targets both of the them. And .NET > >> > Core uses it’s own implementation of standard class library[1] > >> > > >> > Pavel may correct me. > >> > > >> > > >> > > >> > [1] https://github.com/dotnet/corefx > >> > > >> > > >> > > >> > *From: *Dmitriy Pavlov <[email protected]> > >> > *Sent: *Monday, June 17, 2019 4:35 PM > >> > *To: *dev <[email protected]> > >> > *Cc: *Denis Magda <[email protected]>; Igor Sapego < > [email protected]>; > >> Pavel > >> > Petroshenko <[email protected]>; Nikolay Izhikov <[email protected]> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S. > >> > > >> > > >> > > >> > Thanks, Pavel! > >> > > >> > > >> > > >> > Denis, Pavel, Igniters, please review the following proposal: > >> > > >> > > >> > > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage. > >> > > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE usage. > >> > > >> > - SSLContextFactory usage to be declared as JCA/JCE usage. > >> > > >> > - TDE to be declared as JCA/JCE > >> > > >> > > >> > > >> > Export matrix data to be published in ASF-level SVN: > >> > > >> > <<<<< > >> > > >> > Product Name > >> > > >> > Apache Ignite > >> > > >> > > >> > > >> > Versions > >> > > >> > development > >> > > >> > 2.7 and later <Earlier versions-TBD?> > >> > > >> > > >> > > >> > ECCN > >> > > >> > 5D002 > >> > > >> > > >> > > >> > Controlled source > >> > > >> > ASF > >> > > >> > title=Designed to use with built-in Java Cryptography Architecture > (JCA) > >> > > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git > >> > > >> > > >> > > >> > Oracle > >> > > >> > title=Designed to use with built-in Java encryption libraries (JCE) > >> > > >> > href= > >> https://www.oracle.com/technetwork/java/javase/downloads/index.html > >> > > >> > > >> > > >> > The OpenSSL Project > >> > > >> > title=Designed to use General Purpose cryptography library included > with > >> > > >> > OpenSSL > >> > > >> > href=https://www.openssl.org/source/ > >> > > >> > > >> > > >> > Microsoft > >> > > >> > title=Designed to use .NET Framework Cryptography Model > >> > > >> > href=https://dotnet.microsoft.com/download > >> > > >> > >>>>>> > >> > > >> > > >> > > >> > Open questions: > >> > > >> > 1) Declaring older versions of Ignite. > >> > > >> > 2) Is it correct to mention that Ignite uses .NET core controlled by > >> .NET > >> > > >> > Foundation? E.g. as follows: > >> > > >> > (controlled by) > >> > > >> > .NET Foundation > >> > > >> > title=Designed to use .NET Framework Cryptography Model > >> > > >> > href=https://dotnetfoundation.org/projects > >> > > >> > > >> > > >> > Should it go instead of Microsoft? Should we mention .NET code in > >> addition > >> > > >> > to Microsoft? > >> > > >> > > >> > > >> > Sincerely, > >> > > >> > Dmitriy Pavlov > >> > > >> > > >> > > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <[email protected]>: > >> > > >> > > >> > > >> > > Hi Denis, > >> > > >> > > > >> > > >> > > Ignite.NET uses .NET Framework Standard Library for all security and > >> > > >> > > cryptographic related code. There are no dependencies on external > >> > > >> > > libraries. > >> > > >> > > > >> > > >> > > Thanks > >> > > >> > > > >> > > >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <[email protected]>: > >> > > >> > > > >> > > >> > > > Igniters, > >> > > >> > > > > >> > > >> > > > Regardless of the fact that Ignite is an open source software, ASF > >> as > >> > an > >> > > >> > > > entity based in the U.S. has to comply with certain exporting > >> > regulations > >> > > >> > > > [1]. > >> > > >> > > > > >> > > >> > > > Dmitry Pavlov and I are working on adding Ignite to the table [2] > of > >> > > >> > > > projects allowed for export and might need the assistance of some > of > >> > you. > >> > > >> > > > > >> > > >> > > > Here is a list of cryptographic functions used by Ignite (and > >> provided > >> > by > >> > > >> > > > a 3rd party vendor): > >> > > >> > > > > >> > > >> > > > 1. JDK SSL/TLS libraries if a user wishes to enable secured > >> > > >> > > > connectivity between cluster nodes. Manufacturer - > >> Oracle/OpenJDK ( > >> > > >> > > > https://apacheignite.readme.io/docs/ssltls) > >> > > >> > > > 2. JDK AES/CBC/PKCS5Padding encryption from the Java libraries > >> for > >> > > >> > > > transparent data encryption of data on disk ( > >> > > >> > > > > https://apacheignite.readme.io/docs/transparent-data-encryption) > >> > > >> > > > 3. Libraries/vendors for .NET nodes security?* Pavel Tupitsyn*, > >> > could > >> > > >> > > > you check? > >> > > >> > > > 4. Libraries/vendors for C++ clients security (SSL, TLS, > anything > >> > > >> > > > else?). *Igor Sapego*, could you please check? > >> > > >> > > > 5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear > thin > >> > > >> > > > client contributors*, please facilitate. > >> > > >> > > > 6. Anything else missing from the list? We don't have any > custom > >> > > >> > > > crypto features, right? > >> > > >> > > > > >> > > >> > > > All of these usages/integrations have to comply with the following > >> > > >> > > > checklist [3] before I, as a PMC Chair, submit a notice to Export > >> > > >> > > > Administration Regulations of the U.S.A. > >> > > >> > > > > >> > > >> > > > [1] http://www.apache.org/licenses/exports/ > >> > > >> > > > [2] http://www.apache.org/licenses/exports/#matrix > >> > > >> > > > [3] https://www.apache.org/dev/crypto.html#classify > >> > > >> > > > > >> > > >> > > > > >> > > >> > > > - > >> > > >> > > > Denis > >> > > >> > > > > >> > > >> > > > >> > > >> > > >> > > >> > > >
