[ 
https://issues.apache.org/jira/browse/JENA-1169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15581793#comment-15581793
 ] 

Stian Soiland-Reyes commented on JENA-1169:
-------------------------------------------

Yes, there's no legal requirement for it to be in a file called README - so you 
could just as well move it to EXPORTING.md or something and link to that from 
README. 

Now that we've got BUILD.md and CONTRIBUTING.md it should not need much to 
improve Jena's README.md

For inspiration here's one example where I don't feel the Export text is too 
intimidating: 
https://github.com/apache/incubator-taverna-language#apache-taverna-language

> Is Jena US Export classified due to encryption in dependencies?
> ---------------------------------------------------------------
>
>                 Key: JENA-1169
>                 URL: https://issues.apache.org/jira/browse/JENA-1169
>             Project: Apache Jena
>          Issue Type: Bug
>          Components: Build
>            Reporter: Stian Soiland-Reyes
>
> Hi - apologies for finding this..
> I just noticed  on 
> http://www.apache.org/licenses/exports/   
> includes US export classified tools from ASF:
> Apache HttpComponents Core 4.0 and later
> Apache HttpComponents Client 4.0 and later
> Apache Hadoop 17.0 and later
> See also:
> http://www.apache.org/dev/crypto.html#faq-manyproducts
> We redistribute Apache HTTP Components in the Jena and Fuseki binary 
> distributions. We don't distribute Hadoop - we only link to it from Elephas.
> Reading ASF's FAQ it is not clear if we would need to be listed just from 
> having a <dependency> on such a classified item.
> Would we therefore also need to also declare Jena as classified? Or is the 
> transitivity broken because Jena only use the encryption (e.g. access 
> https:// JSON-LD contexts)? 
> (This transitivity thing could mean anyone in the US distributing software 
> using Jena would be US Export regulated. I hope I am wrong.. worth checking 
> with LEGAL I think)
> BTW this was discussed in 2011 - but I believe we since removed BouncyCastle 
> dependency:
> http://mail-archives.apache.org/mod_mbox/jena-dev/201108.mbox/%3c4e3ff7e8.1060...@epimorphics.com%3E
> h2. Draft eccnmatrix.xml additions
> To be added to 
> https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/eccnmatrix.xml
> and then published to http://www.apache.org/licenses/exports/
> See http://www.apache.org/dev/crypto.html#sources
> {code:xml}
>  <Project id="jena" href="http://jena.apache.org";>
>   <Name>Apache Jena</Name>
>   <Contact><Name>Andy Seaborne</Name></Contact>
>   <Product>
>     <Name>Apache Jena</Name>
>     <Version>
>       <Names>development</Names>
>       <ECCN>5D002</ECCN>
>       <ControlledSource 
> href="https://git-wip-us.apache.org/repos/asf/jena.git";>
>         <Manufacturer>ASF</Manufacturer>
>         <Why>Use Apache HTTPComponents Client</Why>
>       </ControlledSource>
>       <ControlledSource 
> href="http://svn.apache.org/repos/asf/httpcomponents/httpcore/";>
>         <Manufacturer>ASF</Manufacturer>
>         <Why>Designed for use with Java Secure Socket Extension (JSSE)</Why>
>       </ControlledSource>
>       <ControlledSource 
> href="http://archive.apache.org/dist/httpcomponents/httpcore/";>
>         <Manufacturer>ASF</Manufacturer>
>         <Why>Designed for use with Java Secure Socket Extension (JSSE)</Why>
>       </ControlledSource>
>     </Version>
>     <Version>
>       <Names>2.7.0-incubating and later</Names>
>       <ECCN>5D002</ECCN>
>       <ControlledSource href="http://archive.apache.org/dist/jena/source/";>
>         <Manufacturer>ASF</Manufacturer>
>         <Why>Use Apache HTTPComponents Client</Why>
>       </ControlledSource>
>       <ControlledSource href="http://archive.apache.org/dist/jena/binaries/";>
>         <Manufacturer>ASF</Manufacturer>
>         <Why>Include Apache HTTPComponents Client</Why>
>       </ControlledSource>
>     </Version>
>   </Product>
>   <Product>
>     <Name>Apache Jena Fuseki</Name>
>     <Version>
>       <Names>development</Names>
>       <ECCN>5D002</ECCN>
>       <ControlledSource 
> href="https://git-wip-us.apache.org/repos/asf/jena.git";>
>         <Manufacturer>ASF</Manufacturer>
>         <Why>Use Apache HTTPComponents Client, Apache Shiro</Why>
>       </ControlledSource>
>       <ControlledSource 
> href="http://svn.apache.org/repos/asf/httpcomponents/httpcore/";>
>         <Manufacturer>ASF</Manufacturer>
>         <Why>Designed for use with Java Secure Socket Extension (JSSE)</Why>
>       </ControlledSource>
>       <ControlledSource 
> href="http://archive.apache.org/dist/httpcomponents/httpcore/";>
>         <Manufacturer>ASF</Manufacturer>
>         <Why>Designed for use with Java Secure Socket Extension (JSSE)</Why>
>       </ControlledSource>
>       <ControlledSource href="http://archive.apache.org/dist/shiro/";>
>         <Manufacturer>ASF</Manufacturer>
>         <Why>Designed for use with Java Cryptography Extensions (JCE)</Why>
>       </ControlledSource>
>     </Version>
>     <Version>
>       <Names>0.2.1-incubating and later</Names>
>       <ECCN>5D002</ECCN>
>       <ControlledSource href="http://archive.apache.org/dist/jena/source/";>
>         <Manufacturer>ASF</Manufacturer>
>         <Why>Use Apache HTTPComponents Client, Apache Shiro</Why>
>       </ControlledSource>
>       <ControlledSource href="http://archive.apache.org/dist/jena/binaries/";>
>         <Manufacturer>ASF</Manufacturer>
>         <Why>Include Apache HTTPComponents, Apache Shiro, Apache Solr, 
> Jetty</Why>
>       </ControlledSource>
>       <ControlledSource 
> href="http://svn.apache.org/repos/asf/httpcomponents/httpcore/";>
>         <Manufacturer>ASF</Manufacturer>
>         <Why>Designed for use with Java Secure Socket Extension (JSSE)</Why>
>       </ControlledSource>
>       <ControlledSource 
> href="http://archive.apache.org/dist/httpcomponents/httpcore/";>
>         <Manufacturer>ASF</Manufacturer>
>         <Why>Designed for use with Java Secure Socket Extension (JSSE)</Why>
>       </ControlledSource>
>       <ControlledSource href="http://archive.apache.org/dist/shiro/";>
>         <Manufacturer>ASF</Manufacturer>
>         <Why>Designed for use with Java Cryptography Extensions (JCE)</Why>
>       </ControlledSource>
>       <ControlledSource href="http://www.apache.org/dist/lucene/solr/";>
>         <Manufacturer>ASF</Manufacturer>
>         <Why>Designed for use with the Apache Tika API in the 
> contrib/extraction libraries</Why>
>       </ControlledSource>
>       <ControlledSource href="http://eclipse.org/jetty";>
>         <Manufacturer>The Eclipse Foundation</Manufacturer>
>         <Why>SSL library for Jetty</Why>
>       </ControlledSource>
>     </Version>
>   </Product>
> </Project>
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to