The exact BouncyCastle JAR that is going to be fetched during the build would be :
http://repo2.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.55/bcpkix-jdk15on-1.55.jar And for Pulsar source code, should we just list the git repo at https://github.com/apache/incubator-pulsar ? On Mon, Sep 25, 2017 at 1:32 PM Dave Fisher <dave2w...@comcast.net> wrote: > Hi Joe, > > I can help submit the form to the government and make the changes to the > ECCN pageā¦ > > To make the update I need to know the hrefs below: > > <Product> > <Name>Apache Pulsar</Name> > <Version> > <Names>Versions 1.20 and greater</Names> > <ECCN>5D002</ECCN> > <ControlledSource href="https://pulsar trunk"> > <Manufacturer>ASF</Manufacturer> > <Why> > Designed for use with the Bouncy Castle enryption libraries. > </Why> > </ControlledSource> > <ControlledSource href="https://path.to.pulsars.bouncy-castle.jar";> > <Manufacturer>Bouncy Castle</Manufacturer> > <Why>General-purpose encryption library</Why> > </ControlledSource> > </Version> > </Product> > > Regards, > Dave > > > On Sep 21, 2017, at 7:54 PM, Dave Fisher <dave2w...@comcast.net> wrote: > > Hi Joe, > > This is a good catch. I am traveling this week and can help with the > filing on Monday unless one of the other mentors can do so tomorrow. > > Regards, > Dave > > Sent from my iPhone > > On Sep 21, 2017, at 8:36 PM, Joe F <joefranc...@gmail.com> wrote: > > Hi Mentors, > > As I was going through the license verification for the next release > (1.20) , I happened to see this > http://www.apache.org/licenses/exports/ (which I'm calling the export > license page) > > Pulsar 1.20 release introduces encryption (as an optional feature), and it > uses Bouncycastle, and we were planning on including the Bouncy* jars in > the binary. > > Many Apache projects using Bouncycastle as listed on the export license > page. Do we need to list it Pulsar on the export license page now? If so, > how do we get it into there? > > Or should we just remove the BouncyCastle jars from the distribution and > leave it optional, letting users install it if needed? Users will need > to install it for building Pulsar from source. They wont need it for > running Pulsar, unless they use encryption. > > What's the guidance on this? > > Cheers, > Joe > > > > -- Matteo Merli <mme...@apache.org>
