Igniters, as for older versions, I've started to collect information of crypto providers usages in older versions, please help me to finalize this doc so I could prepare a declaration of older versions.
https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing I'm not sure if the time of Incubation counts, but, anyway, let' collect information about the history of modules. Sincerely, Dmitriy Pavlov ср, 19 июн. 2019 г. в 14:05, Dmitriy Pavlov <[email protected]>: > Hi Denis, > > Build process seems to be mentioned only here > https://www.apache.org/dev/crypto.html#sources It also mentions some > bisnotice XSLT transformation, which is available at SVN here > https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/ > > For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from > https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/ > is more appropriate. I will test it locally. > > The only thing I've found for now is the following scripts at the root of > SVN here https://svn.apache.org/repos/asf/infrastructure/site/trunk/ > bisnotice.cmd > bisnotice.sh > > Sincerely, > Dmitriy Pavlov > > ср, 19 июн. 2019 г. в 01:40, Denis Magda <[email protected]>: > >> Dmitriy, >> >> I think that it's required to enlist all of the publicly released Ignite >> versions (available for download from the website). It means that the XML >> should have the following controlled sources grouped by Ignite versions' >> ranges. >> >> - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse Foundation >> - Ignite 1.5.0 and later: all of the controller versions listed by you. >> >> Not sure about JCraft only. What was the first Ignite version the lib was >> added to? >> >> As for .NET versions declarations, I'm for the way it handled right now by >> you. Btw, do you know where ASF explains the website build process? Failed >> to find it, it's not enough just to update the XML. >> >> Finally, looping in Garrett who can help with the editorial review. >> Garrett, could you please review README.txt from this pull-request? >> >> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29 >> >> >> - >> Denis >> >> >> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov <[email protected]> >> wrote: >> >> > Igniters, >> > >> > please review crypto notice in >> > >> > >> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29 >> > >> > Only 2 open questions: about declaring released versions, and about >> > declaring .NET versions (.NET Core & . NET Classic). By default, I >> propose >> > to keep both. >> > >> > Sincerely, >> > Dmitriy Pavlov >> > >> > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <[email protected]>: >> > >> > > Pavel, >> > > >> > > we need to follow the process from >> > > https://www.apache.org/dev/crypto.html#classify >> > > >> > > Please see similar products in the draft export matrix, >> > > >> > > >> > >> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7 >> > > >> > > >> > > We don't ship JDK, but we designed our product to use a cryptographic >> > > feature from this 3rd party product, so we need to follow this process >> > and >> > > provide matrix update, add CRYPTO notice (I'll draft it). >> > > >> > > Other products don't declare all possible JDKs - >> > > http://www.apache.org/licenses/exports/#matrix So, probably, one >> > > declaration of .NET classic (Microsoft) would be enough. >> > > >> > > Sincerely, >> > > Dmitriy Pavlov >> > > >> > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn <[email protected]>: >> > > >> > >> >>Should it go instead of Microsoft? Should we mention .NET code in >> > >> addition >> > >> >> > >> >>to Microsoft? >> > >> >> > >> >> > >> >> > >> >Yes, I think we can do this. Ignite targets both of the them. And >> .NET >> > >> Core uses it’s own implementation of standard class library[1] >> > >> >> > >> >Pavel may correct me. >> > >> >> > >> >> > >> We use crypto APIs from standard class library. We ship our binaries, >> > but >> > >> we don't ship the framework binaries. >> > >> >> > >> Our binaries can be executed with .NET Core (open-source, MIT >> license), >> > >> Mono (open-source, MIT license), and .NET Classic (old framework, >> > >> Windows-only, Microsoft license). >> > >> >> > >> I'm still not sure what is the question we are trying to answer, >> though. >> > >> >> > >> >> > >> Thanks, >> > >> >> > >> Pavel >> > >> >> > >> >> > >> >> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin <[email protected]> >> > >> wrote: >> > >> >> > >> > >1) Declaring older versions of Ignite. >> > >> > >> > >> > >2) Is it correct to mention that Ignite uses .NET core controlled >> by >> > >> .NET >> > >> > >> > >> > >Foundation? E.g. as follows: >> > >> > >> > >> > >(controlled by) >> > >> > >> > >> > >.NET Foundation >> > >> > >> > >> > >title=Designed to use .NET Framework Cryptography Model >> > >> > >> > >> > >href=https://dotnetfoundation.org/projects >> > >> > >> > >> > >> > >> > >> > >> > >Should it go instead of Microsoft? Should we mention .NET code in >> > >> addition >> > >> > >> > >> > >to Microsoft? >> > >> > >> > >> > >> > >> > >> > >> > Yes, I think we can do this. Ignite targets both of the them. And >> .NET >> > >> > Core uses it’s own implementation of standard class library[1] >> > >> > >> > >> > Pavel may correct me. >> > >> > >> > >> > >> > >> > >> > >> > [1] https://github.com/dotnet/corefx >> > >> > >> > >> > >> > >> > >> > >> > *From: *Dmitriy Pavlov <[email protected]> >> > >> > *Sent: *Monday, June 17, 2019 4:35 PM >> > >> > *To: *dev <[email protected]> >> > >> > *Cc: *Denis Magda <[email protected]>; Igor Sapego < >> > [email protected]>; >> > >> Pavel >> > >> > Petroshenko <[email protected]>; Nikolay Izhikov < >> [email protected]> >> > >> > *Subject: *Re: Signing off Ignite for export beyond the U.S. >> > >> > >> > >> > >> > >> > >> > >> > Thanks, Pavel! >> > >> > >> > >> > >> > >> > >> > >> > Denis, Pavel, Igniters, please review the following proposal: >> > >> > >> > >> > >> > >> > >> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage. >> > >> > >> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE usage. >> > >> > >> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage. >> > >> > >> > >> > - TDE to be declared as JCA/JCE >> > >> > >> > >> > >> > >> > >> > >> > Export matrix data to be published in ASF-level SVN: >> > >> > >> > >> > <<<<< >> > >> > >> > >> > Product Name >> > >> > >> > >> > Apache Ignite >> > >> > >> > >> > >> > >> > >> > >> > Versions >> > >> > >> > >> > development >> > >> > >> > >> > 2.7 and later <Earlier versions-TBD?> >> > >> > >> > >> > >> > >> > >> > >> > ECCN >> > >> > >> > >> > 5D002 >> > >> > >> > >> > >> > >> > >> > >> > Controlled source >> > >> > >> > >> > ASF >> > >> > >> > >> > title=Designed to use with built-in Java Cryptography Architecture >> > (JCA) >> > >> > >> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git >> > >> > >> > >> > >> > >> > >> > >> > Oracle >> > >> > >> > >> > title=Designed to use with built-in Java encryption libraries (JCE) >> > >> > >> > >> > href= >> > >> https://www.oracle.com/technetwork/java/javase/downloads/index.html >> > >> > >> > >> > >> > >> > >> > >> > The OpenSSL Project >> > >> > >> > >> > title=Designed to use General Purpose cryptography library included >> > with >> > >> > >> > >> > OpenSSL >> > >> > >> > >> > href=https://www.openssl.org/source/ >> > >> > >> > >> > >> > >> > >> > >> > Microsoft >> > >> > >> > >> > title=Designed to use .NET Framework Cryptography Model >> > >> > >> > >> > href=https://dotnet.microsoft.com/download >> > >> > >> > >> > >>>>>> >> > >> > >> > >> > >> > >> > >> > >> > Open questions: >> > >> > >> > >> > 1) Declaring older versions of Ignite. >> > >> > >> > >> > 2) Is it correct to mention that Ignite uses .NET core controlled >> by >> > >> .NET >> > >> > >> > >> > Foundation? E.g. as follows: >> > >> > >> > >> > (controlled by) >> > >> > >> > >> > .NET Foundation >> > >> > >> > >> > title=Designed to use .NET Framework Cryptography Model >> > >> > >> > >> > href=https://dotnetfoundation.org/projects >> > >> > >> > >> > >> > >> > >> > >> > Should it go instead of Microsoft? Should we mention .NET code in >> > >> addition >> > >> > >> > >> > to Microsoft? >> > >> > >> > >> > >> > >> > >> > >> > Sincerely, >> > >> > >> > >> > Dmitriy Pavlov >> > >> > >> > >> > >> > >> > >> > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn <[email protected] >> >: >> > >> > >> > >> > >> > >> > >> > >> > > Hi Denis, >> > >> > >> > >> > > >> > >> > >> > >> > > Ignite.NET uses .NET Framework Standard Library for all security >> and >> > >> > >> > >> > > cryptographic related code. There are no dependencies on external >> > >> > >> > >> > > libraries. >> > >> > >> > >> > > >> > >> > >> > >> > > Thanks >> > >> > >> > >> > > >> > >> > >> > >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda <[email protected]>: >> > >> > >> > >> > > >> > >> > >> > >> > > > Igniters, >> > >> > >> > >> > > > >> > >> > >> > >> > > > Regardless of the fact that Ignite is an open source software, >> ASF >> > >> as >> > >> > an >> > >> > >> > >> > > > entity based in the U.S. has to comply with certain exporting >> > >> > regulations >> > >> > >> > >> > > > [1]. >> > >> > >> > >> > > > >> > >> > >> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the table >> [2] >> > of >> > >> > >> > >> > > > projects allowed for export and might need the assistance of >> some >> > of >> > >> > you. >> > >> > >> > >> > > > >> > >> > >> > >> > > > Here is a list of cryptographic functions used by Ignite (and >> > >> provided >> > >> > by >> > >> > >> > >> > > > a 3rd party vendor): >> > >> > >> > >> > > > >> > >> > >> > >> > > > 1. JDK SSL/TLS libraries if a user wishes to enable secured >> > >> > >> > >> > > > connectivity between cluster nodes. Manufacturer - >> > >> Oracle/OpenJDK ( >> > >> > >> > >> > > > https://apacheignite.readme.io/docs/ssltls) >> > >> > >> > >> > > > 2. JDK AES/CBC/PKCS5Padding encryption from the Java >> libraries >> > >> for >> > >> > >> > >> > > > transparent data encryption of data on disk ( >> > >> > >> > >> > > > >> > https://apacheignite.readme.io/docs/transparent-data-encryption) >> > >> > >> > >> > > > 3. Libraries/vendors for .NET nodes security?* Pavel >> Tupitsyn*, >> > >> > could >> > >> > >> > >> > > > you check? >> > >> > >> > >> > > > 4. Libraries/vendors for C++ clients security (SSL, TLS, >> > anything >> > >> > >> > >> > > > else?). *Igor Sapego*, could you please check? >> > >> > >> > >> > > > 5. Libraries/vendors for Python, PHP, Node.JS SSL/TLS? *Dear >> > thin >> > >> > >> > >> > > > client contributors*, please facilitate. >> > >> > >> > >> > > > 6. Anything else missing from the list? We don't have any >> > custom >> > >> > >> > >> > > > crypto features, right? >> > >> > >> > >> > > > >> > >> > >> > >> > > > All of these usages/integrations have to comply with the >> following >> > >> > >> > >> > > > checklist [3] before I, as a PMC Chair, submit a notice to >> Export >> > >> > >> > >> > > > Administration Regulations of the U.S.A. >> > >> > >> > >> > > > >> > >> > >> > >> > > > [1] http://www.apache.org/licenses/exports/ >> > >> > >> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix >> > >> > >> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify >> > >> > >> > >> > > > >> > >> > >> > >> > > > >> > >> > >> > >> > > > - >> > >> > >> > >> > > > Denis >> > >> > >> > >> > > > >> > >> > >> > >> > > >> > >> > >> > >> > >> > >> > >> > >> >> > > >> > >> >
