In addition to that, how about adding an item for Ignite release policy to validate that there are no cryptography related changes? http://www.apache.org/licenses/exports/
-- Denis Magda On Tue, Jun 25, 2019 at 1:54 PM Denis Magda <[email protected]> wrote: > Dmitry, > > I've updated the ASF website by including Ignite to the exports matrix > [1]. Plus, notified the controlling U.S. entities on the matter. > > Could you please do one more favor and help to close these two items > (flying on a plane and a poor Internet connection makes it impossible to > check them off on my end)? > > - Update README.txt in Ignite master with the content prepared earlier > by you > - Copy content of this doc [2] to Ignite Wiki > > [1] http://www.apache.org/licenses/exports/ > [2] > https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing > > - > Denis > > > On Wed, Jun 19, 2019 at 2:47 PM Dmitriy Pavlov <[email protected]> wrote: > >> Pavel replied to me in private: encryption is available since 2.4 for .Net >> thin client. >> >> I've also modified source XML >> >> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8 >> >> >> чт, 20 июн. 2019 г. в 00:10, Denis Magda <[email protected]>: >> >> > Pavel, >> > >> > I still have no info related to starting version of .NET encryption >> > > support. So I supposed it was 1.5. >> > >> > >> > Could you please help with this last open item? >> > >> > Dmitry, thanks for the final summary. I'll contact ASF folks trying to >> find >> > the ASF website dev instructions. >> > >> > >> > -- >> > Denis Magda >> > >> > >> > On Wed, Jun 19, 2019 at 11:35 AM Dmitriy Pavlov <[email protected]> >> > wrote: >> > >> > > Hi Denis, >> > > >> > > I still have no info related to starting version of .NET encryption >> > > support. So I supposed it was 1.5. >> > > >> > > I've started both XSTLs and added an example of both XLTs output to >> > google >> > > doc tabs. One transformer is for email template generation (requires >> > > project name), another is for the site table. >> > > >> > > Only one TODO now left in the PR version of the update. All other >> stuff >> > is >> > > ready for publishing: >> > > >> > > >> > >> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR8 >> > > >> > > Sincerely, >> > > Dmitriy Pavlov >> > > >> > > P.S. I'm not sure that dev. the list will keep formatting, but anyway >> > here >> > > is transformer output example as text. >> > > >> > > Apache Ignite Project >> > > Product Name Versions ECCN >> > > Controlled Source >> > > Apache Ignite development 5D002 >> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft, >> > Inc., >> > > The Eclipse Foundation >> > > 2.5.0 - latest 5D002 >> > > ASF, Oracle, The OpenSSL Project, Microsoft, .NET Foundation, JCraft, >> > Inc., >> > > The Eclipse Foundation >> > > 1.5.0.final - 2.4.0 5D002 >> > > ASF, Oracle, Microsoft, .NET Foundation, JCraft, Inc., The Eclipse >> > > Foundation >> > > 1.0.0 - 1.5.0-b1 5D002 >> > > ASF, Oracle, JCraft, Inc., The Eclipse Foundation >> > > >> > > ср, 19 июн. 2019 г. в 15:05, Dmitriy Pavlov <[email protected]>: >> > > >> > > > Igniters, >> > > > >> > > > as for older versions, I've started to collect information of crypto >> > > > providers usages in older versions, please help me to finalize this >> doc >> > > so >> > > > I could prepare a declaration of older versions. >> > > > >> > > > >> > > > >> > > >> > >> https://docs.google.com/spreadsheets/d/1s15HnsE40hHl0QN2aX0hJ3atw9_LO19_mzhgM96rcbo/edit?usp=sharing >> > > > >> > > > I'm not sure if the time of Incubation counts, but, anyway, let' >> > collect >> > > > information about the history of modules. >> > > > >> > > > Sincerely, >> > > > Dmitriy Pavlov >> > > > >> > > > ср, 19 июн. 2019 г. в 14:05, Dmitriy Pavlov <[email protected]>: >> > > > >> > > >> Hi Denis, >> > > >> >> > > >> Build process seems to be mentioned only here >> > > >> https://www.apache.org/dev/crypto.html#sources It also mentions >> some >> > > >> bisnotice XSLT transformation, which is available at SVN here >> > > >> >> > > >> > >> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/ >> > > >> >> > > >> For XML I'm preparing at PR6616 it seems that eccnmatrix.xsl from >> > > >> >> > > >> > >> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/ >> > > >> is more appropriate. I will test it locally. >> > > >> >> > > >> The only thing I've found for now is the following scripts at the >> root >> > > of >> > > >> SVN here >> https://svn.apache.org/repos/asf/infrastructure/site/trunk/ >> > > >> bisnotice.cmd >> > > >> bisnotice.sh >> > > >> >> > > >> Sincerely, >> > > >> Dmitriy Pavlov >> > > >> >> > > >> ср, 19 июн. 2019 г. в 01:40, Denis Magda <[email protected]>: >> > > >> >> > > >>> Dmitriy, >> > > >>> >> > > >>> I think that it's required to enlist all of the publicly released >> > > Ignite >> > > >>> versions (available for download from the website). It means that >> the >> > > XML >> > > >>> should have the following controlled sources grouped by Ignite >> > > versions' >> > > >>> ranges. >> > > >>> >> > > >>> - Ignite 1.0.0 - Ignite 1.5.0-b1: ASF, Oracle, The Eclipse >> > > Foundation >> > > >>> - Ignite 1.5.0 and later: all of the controller versions >> listed by >> > > >>> you. >> > > >>> >> > > >>> Not sure about JCraft only. What was the first Ignite version the >> lib >> > > was >> > > >>> added to? >> > > >>> >> > > >>> As for .NET versions declarations, I'm for the way it handled >> right >> > now >> > > >>> by >> > > >>> you. Btw, do you know where ASF explains the website build >> process? >> > > >>> Failed >> > > >>> to find it, it's not enough just to update the XML. >> > > >>> >> > > >>> Finally, looping in Garrett who can help with the editorial >> review. >> > > >>> Garrett, could you please review README.txt from this >> pull-request? >> > > >>> >> > > >>> >> > > >> > >> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29 >> > > >>> >> > > >>> >> > > >>> - >> > > >>> Denis >> > > >>> >> > > >>> >> > > >>> On Tue, Jun 18, 2019 at 5:06 AM Dmitriy Pavlov < >> [email protected]> >> > > >>> wrote: >> > > >>> >> > > >>> > Igniters, >> > > >>> > >> > > >>> > please review crypto notice in >> > > >>> > >> > > >>> > >> > > >>> >> > > >> > >> https://github.com/apache/ignite/pull/6616/files#diff-26fd799ea07494916e9da9b91b2aac64R29 >> > > >>> > >> > > >>> > Only 2 open questions: about declaring released versions, and >> about >> > > >>> > declaring .NET versions (.NET Core & . NET Classic). By >> default, I >> > > >>> propose >> > > >>> > to keep both. >> > > >>> > >> > > >>> > Sincerely, >> > > >>> > Dmitriy Pavlov >> > > >>> > >> > > >>> > пн, 17 июн. 2019 г. в 19:24, Dmitriy Pavlov <[email protected] >> >: >> > > >>> > >> > > >>> > > Pavel, >> > > >>> > > >> > > >>> > > we need to follow the process from >> > > >>> > > https://www.apache.org/dev/crypto.html#classify >> > > >>> > > >> > > >>> > > Please see similar products in the draft export matrix, >> > > >>> > > >> > > >>> > > >> > > >>> > >> > > >>> >> > > >> > >> https://github.com/apache/ignite/pull/6616/files#diff-1995c8a78832996cb48db91f7550479cR7 >> > > >>> > > >> > > >>> > > >> > > >>> > > We don't ship JDK, but we designed our product to use a >> > > cryptographic >> > > >>> > > feature from this 3rd party product, so we need to follow this >> > > >>> process >> > > >>> > and >> > > >>> > > provide matrix update, add CRYPTO notice (I'll draft it). >> > > >>> > > >> > > >>> > > Other products don't declare all possible JDKs - >> > > >>> > > http://www.apache.org/licenses/exports/#matrix So, probably, >> one >> > > >>> > > declaration of .NET classic (Microsoft) would be enough. >> > > >>> > > >> > > >>> > > Sincerely, >> > > >>> > > Dmitriy Pavlov >> > > >>> > > >> > > >>> > > пн, 17 июн. 2019 г. в 19:11, Pavel Tupitsyn < >> > [email protected] >> > > >: >> > > >>> > > >> > > >>> > >> >>Should it go instead of Microsoft? Should we mention .NET >> code >> > > in >> > > >>> > >> addition >> > > >>> > >> >> > > >>> > >> >>to Microsoft? >> > > >>> > >> >> > > >>> > >> >> > > >>> > >> >> > > >>> > >> >Yes, I think we can do this. Ignite targets both of the >> them. >> > And >> > > >>> .NET >> > > >>> > >> Core uses it’s own implementation of standard class >> library[1] >> > > >>> > >> >> > > >>> > >> >Pavel may correct me. >> > > >>> > >> >> > > >>> > >> >> > > >>> > >> We use crypto APIs from standard class library. We ship our >> > > >>> binaries, >> > > >>> > but >> > > >>> > >> we don't ship the framework binaries. >> > > >>> > >> >> > > >>> > >> Our binaries can be executed with .NET Core (open-source, MIT >> > > >>> license), >> > > >>> > >> Mono (open-source, MIT license), and .NET Classic (old >> > framework, >> > > >>> > >> Windows-only, Microsoft license). >> > > >>> > >> >> > > >>> > >> I'm still not sure what is the question we are trying to >> answer, >> > > >>> though. >> > > >>> > >> >> > > >>> > >> >> > > >>> > >> Thanks, >> > > >>> > >> >> > > >>> > >> Pavel >> > > >>> > >> >> > > >>> > >> >> > > >>> > >> >> > > >>> > >> On Mon, Jun 17, 2019 at 5:20 PM Alexandr Shapkin < >> > > [email protected] >> > > >>> > >> > > >>> > >> wrote: >> > > >>> > >> >> > > >>> > >> > >1) Declaring older versions of Ignite. >> > > >>> > >> > >> > > >>> > >> > >2) Is it correct to mention that Ignite uses .NET core >> > > >>> controlled by >> > > >>> > >> .NET >> > > >>> > >> > >> > > >>> > >> > >Foundation? E.g. as follows: >> > > >>> > >> > >> > > >>> > >> > >(controlled by) >> > > >>> > >> > >> > > >>> > >> > >.NET Foundation >> > > >>> > >> > >> > > >>> > >> > >title=Designed to use .NET Framework Cryptography Model >> > > >>> > >> > >> > > >>> > >> > >href=https://dotnetfoundation.org/projects >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >Should it go instead of Microsoft? Should we mention .NET >> > code >> > > in >> > > >>> > >> addition >> > > >>> > >> > >> > > >>> > >> > >to Microsoft? >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > Yes, I think we can do this. Ignite targets both of the >> them. >> > > And >> > > >>> .NET >> > > >>> > >> > Core uses it’s own implementation of standard class >> library[1] >> > > >>> > >> > >> > > >>> > >> > Pavel may correct me. >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > [1] https://github.com/dotnet/corefx >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > *From: *Dmitriy Pavlov <[email protected]> >> > > >>> > >> > *Sent: *Monday, June 17, 2019 4:35 PM >> > > >>> > >> > *To: *dev <[email protected]> >> > > >>> > >> > *Cc: *Denis Magda <[email protected]>; Igor Sapego < >> > > >>> > [email protected]>; >> > > >>> > >> Pavel >> > > >>> > >> > Petroshenko <[email protected]>; Nikolay Izhikov < >> > > >>> [email protected]> >> > > >>> > >> > *Subject: *Re: Signing off Ignite for export beyond the >> U.S. >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > Thanks, Pavel! >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > Denis, Pavel, Igniters, please review the following >> proposal: >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > - Python, Node JS, ODBC to be declared as OpenSSL usage. >> > > >>> > >> > >> > > >>> > >> > - AWS-S3 client-side encryption to be declared as JCA/JCE >> > usage. >> > > >>> > >> > >> > > >>> > >> > - SSLContextFactory usage to be declared as JCA/JCE usage. >> > > >>> > >> > >> > > >>> > >> > - TDE to be declared as JCA/JCE >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > Export matrix data to be published in ASF-level SVN: >> > > >>> > >> > >> > > >>> > >> > <<<<< >> > > >>> > >> > >> > > >>> > >> > Product Name >> > > >>> > >> > >> > > >>> > >> > Apache Ignite >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > Versions >> > > >>> > >> > >> > > >>> > >> > development >> > > >>> > >> > >> > > >>> > >> > 2.7 and later <Earlier versions-TBD?> >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > ECCN >> > > >>> > >> > >> > > >>> > >> > 5D002 >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > Controlled source >> > > >>> > >> > >> > > >>> > >> > ASF >> > > >>> > >> > >> > > >>> > >> > title=Designed to use with built-in Java Cryptography >> > > Architecture >> > > >>> > (JCA) >> > > >>> > >> > >> > > >>> > >> > href=https://gitbox.apache.org/repos/asf?p=ignite.git >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > Oracle >> > > >>> > >> > >> > > >>> > >> > title=Designed to use with built-in Java encryption >> libraries >> > > >>> (JCE) >> > > >>> > >> > >> > > >>> > >> > href= >> > > >>> > >> >> > > https://www.oracle.com/technetwork/java/javase/downloads/index.html >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > The OpenSSL Project >> > > >>> > >> > >> > > >>> > >> > title=Designed to use General Purpose cryptography library >> > > >>> included >> > > >>> > with >> > > >>> > >> > >> > > >>> > >> > OpenSSL >> > > >>> > >> > >> > > >>> > >> > href=https://www.openssl.org/source/ >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > Microsoft >> > > >>> > >> > >> > > >>> > >> > title=Designed to use .NET Framework Cryptography Model >> > > >>> > >> > >> > > >>> > >> > href=https://dotnet.microsoft.com/download >> > > >>> > >> > >> > > >>> > >> > >>>>>> >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > Open questions: >> > > >>> > >> > >> > > >>> > >> > 1) Declaring older versions of Ignite. >> > > >>> > >> > >> > > >>> > >> > 2) Is it correct to mention that Ignite uses .NET core >> > > controlled >> > > >>> by >> > > >>> > >> .NET >> > > >>> > >> > >> > > >>> > >> > Foundation? E.g. as follows: >> > > >>> > >> > >> > > >>> > >> > (controlled by) >> > > >>> > >> > >> > > >>> > >> > .NET Foundation >> > > >>> > >> > >> > > >>> > >> > title=Designed to use .NET Framework Cryptography Model >> > > >>> > >> > >> > > >>> > >> > href=https://dotnetfoundation.org/projects >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > Should it go instead of Microsoft? Should we mention .NET >> code >> > > in >> > > >>> > >> addition >> > > >>> > >> > >> > > >>> > >> > to Microsoft? >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > Sincerely, >> > > >>> > >> > >> > > >>> > >> > Dmitriy Pavlov >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > пн, 17 июн. 2019 г. в 16:07, Pavel Tupitsyn < >> > > [email protected] >> > > >>> >: >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > > Hi Denis, >> > > >>> > >> > >> > > >>> > >> > > >> > > >>> > >> > >> > > >>> > >> > > Ignite.NET uses .NET Framework Standard Library for all >> > > >>> security and >> > > >>> > >> > >> > > >>> > >> > > cryptographic related code. There are no dependencies on >> > > >>> external >> > > >>> > >> > >> > > >>> > >> > > libraries. >> > > >>> > >> > >> > > >>> > >> > > >> > > >>> > >> > >> > > >>> > >> > > Thanks >> > > >>> > >> > >> > > >>> > >> > > >> > > >>> > >> > >> > > >>> > >> > > ср, 12 июн. 2019 г., 21:07 Denis Magda < >> [email protected]>: >> > > >>> > >> > >> > > >>> > >> > > >> > > >>> > >> > >> > > >>> > >> > > > Igniters, >> > > >>> > >> > >> > > >>> > >> > > > >> > > >>> > >> > >> > > >>> > >> > > > Regardless of the fact that Ignite is an open source >> > > >>> software, ASF >> > > >>> > >> as >> > > >>> > >> > an >> > > >>> > >> > >> > > >>> > >> > > > entity based in the U.S. has to comply with certain >> > > exporting >> > > >>> > >> > regulations >> > > >>> > >> > >> > > >>> > >> > > > [1]. >> > > >>> > >> > >> > > >>> > >> > > > >> > > >>> > >> > >> > > >>> > >> > > > Dmitry Pavlov and I are working on adding Ignite to the >> > > table >> > > >>> [2] >> > > >>> > of >> > > >>> > >> > >> > > >>> > >> > > > projects allowed for export and might need the >> assistance >> > of >> > > >>> some >> > > >>> > of >> > > >>> > >> > you. >> > > >>> > >> > >> > > >>> > >> > > > >> > > >>> > >> > >> > > >>> > >> > > > Here is a list of cryptographic functions used by >> Ignite >> > > (and >> > > >>> > >> provided >> > > >>> > >> > by >> > > >>> > >> > >> > > >>> > >> > > > a 3rd party vendor): >> > > >>> > >> > >> > > >>> > >> > > > >> > > >>> > >> > >> > > >>> > >> > > > 1. JDK SSL/TLS libraries if a user wishes to enable >> > > secured >> > > >>> > >> > >> > > >>> > >> > > > connectivity between cluster nodes. Manufacturer - >> > > >>> > >> Oracle/OpenJDK ( >> > > >>> > >> > >> > > >>> > >> > > > https://apacheignite.readme.io/docs/ssltls) >> > > >>> > >> > >> > > >>> > >> > > > 2. JDK AES/CBC/PKCS5Padding encryption from the Java >> > > >>> libraries >> > > >>> > >> for >> > > >>> > >> > >> > > >>> > >> > > > transparent data encryption of data on disk ( >> > > >>> > >> > >> > > >>> > >> > > > >> > > >>> > https://apacheignite.readme.io/docs/transparent-data-encryption >> ) >> > > >>> > >> > >> > > >>> > >> > > > 3. Libraries/vendors for .NET nodes security?* Pavel >> > > >>> Tupitsyn*, >> > > >>> > >> > could >> > > >>> > >> > >> > > >>> > >> > > > you check? >> > > >>> > >> > >> > > >>> > >> > > > 4. Libraries/vendors for C++ clients security (SSL, >> > TLS, >> > > >>> > anything >> > > >>> > >> > >> > > >>> > >> > > > else?). *Igor Sapego*, could you please check? >> > > >>> > >> > >> > > >>> > >> > > > 5. Libraries/vendors for Python, PHP, Node.JS >> SSL/TLS? >> > > >>> *Dear >> > > >>> > thin >> > > >>> > >> > >> > > >>> > >> > > > client contributors*, please facilitate. >> > > >>> > >> > >> > > >>> > >> > > > 6. Anything else missing from the list? We don't >> have >> > any >> > > >>> > custom >> > > >>> > >> > >> > > >>> > >> > > > crypto features, right? >> > > >>> > >> > >> > > >>> > >> > > > >> > > >>> > >> > >> > > >>> > >> > > > All of these usages/integrations have to comply with >> the >> > > >>> following >> > > >>> > >> > >> > > >>> > >> > > > checklist [3] before I, as a PMC Chair, submit a >> notice to >> > > >>> Export >> > > >>> > >> > >> > > >>> > >> > > > Administration Regulations of the U.S.A. >> > > >>> > >> > >> > > >>> > >> > > > >> > > >>> > >> > >> > > >>> > >> > > > [1] http://www.apache.org/licenses/exports/ >> > > >>> > >> > >> > > >>> > >> > > > [2] http://www.apache.org/licenses/exports/#matrix >> > > >>> > >> > >> > > >>> > >> > > > [3] https://www.apache.org/dev/crypto.html#classify >> > > >>> > >> > >> > > >>> > >> > > > >> > > >>> > >> > >> > > >>> > >> > > > >> > > >>> > >> > >> > > >>> > >> > > > - >> > > >>> > >> > >> > > >>> > >> > > > Denis >> > > >>> > >> > >> > > >>> > >> > > > >> > > >>> > >> > >> > > >>> > >> > > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> > >> > > >>> > >> >> > > >>> > > >> > > >>> > >> > > >>> >> > > >> >> > > >> > >> >
