Stian Soiland-Reyes created JENA-1169:
-----------------------------------------
Summary: Is Jena US Export classified due to encryption?
Key: JENA-1169
URL: https://issues.apache.org/jira/browse/JENA-1169
Project: Apache Jena
Issue Type: Bug
Components: Build
Reporter: Stian Soiland-Reyes
Hi - apologies for finding this..
I just noticed that
http://www.apache.org/licenses/exports/
includes US export classified tools from ASF:
Apache HttpComponents Core 4.0 and later
Apache HttpComponents Client 4.0 and later
Apache Hadoop 17.0 and later
See also:
http://www.apache.org/dev/crypto.html#faq-manyproducts
We redistribute Apache HTTP Components in the Jena and Fuseki binary
distributions. We don't distribute Hadoop - we only link to it from Elephas.
Reading ASF's FAQ it is not clear if we would need to be listed just from
having a <dependency> on such a classified item.
Would we therefore also need to declare Jena as classified? Or is the
transitivity broken because Jena only uses the encryption (e.g. access https://
JSON-LD contexts)?
(This transitivity thing could mean anyone in the US distributing software
using Jena would be US Export regulated. I hope I am wrong.. worth checking
with LEGAL I think)
BTW this was discussed in 2011 - but I believe we since removed BouncyCastle
dependency:
http://mail-archives.apache.org/mod_mbox/jena-dev/201108.mbox/%[email protected]%3E