Hi Matteo, > On Sep 25, 2017, at 1:20 PM, Matteo Merli <mme...@apache.org> wrote: > > Hi Dave, > > thanks for chiming in. I and Joe have been reading along the document for > handling crypto code at http://www.apache.org/dev/crypto.html > > My brief understanding of it is that: > * We should have started before committing the code (though we didn't know > about it :( )
No worries we are doing it now. > * There is a mail that has to be sent to US gov for notification. I’ll take care of it once we update the exports page. > * The project needs to be listed in the ASF "exports” page I can do this too. See my recent email. > > * The actions are to be taken from someone in the project PMC and I am > assuming in this case that would be the Incubator PMC. Yes. IPMC and I can do it. > * We shouldn't need to wait from any confirmation from US gov, once the > notification is sent and the ASF page updated, we should in theory good to > commit the code (..ahem..) and make a release. Exactly/ > > Are my statements correct? Yes. Regards, Dave > Thank you, > Matteo > > On Thu, Sep 21, 2017 at 7:54 PM Dave Fisher <dave2w...@comcast.net> wrote: > >> Hi Joe, >> >> This is a good catch. I am traveling this week and can help with the >> filing on Monday unless one of the other mentors can do so tomorrow. >> >> Regards, >> Dave >> >> Sent from my iPhone >> >>> On Sep 21, 2017, at 8:36 PM, Joe F <joefranc...@gmail.com> wrote: >>> >>> Hi Mentors, >>> >>> As I was going through the license verification for the next release >>> (1.20) , I happened to see this >>> http://www.apache.org/licenses/exports/ (which I'm calling the export >>> license page) >>> >>> Pulsar 1.20 release introduces encryption (as an optional feature), and >> it >>> uses Bouncycastle, and we were planning on including the Bouncy* jars in >>> the binary. >>> >>> Many Apache projects using Bouncycastle as listed on the export license >>> page. Do we need to list it Pulsar on the export license page now? If >> so, >>> how do we get it into there? >>> >>> Or should we just remove the BouncyCastle jars from the distribution and >>> leave it optional, letting users install it if needed? Users will >> need >>> to install it for building Pulsar from source. They wont need it for >>> running Pulsar, unless they use encryption. >>> >>> What's the guidance on this? >>> >>> Cheers, >>> Joe >> >> -- > Matteo Merli > <mme...@apache.org>
signature.asc
Description: Message signed with OpenPGP