Hi - I’ve updated the page http://www.apache.org/licenses/exports/index.html <http://www.apache.org/licenses/exports/index.html> and sent the notice to the government.
Regards, Dave > On Sep 25, 2017, at 3:40 PM, Sahaya Andrews <andr...@apache.org> wrote: > > In the bouncy castle website, they refer to their ftp website for > previous releases. The corresponding ftp location for the version we > are using would be: > ftp://ftp.bouncycastle.org/pub/release1.55/bcprov-jdk15on-155.jar > ftp://ftp.bouncycastle.org/pub/release1.55/bcprov-jdk15on-155.jar > > Andrews. > > On Mon, Sep 25, 2017 at 3:27 PM, Matteo Merli <mme...@apache.org> wrote: >> The exact BouncyCastle JAR that is going to be fetched during the build >> would be : >> >> http://repo2.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.55/bcpkix-jdk15on-1.55.jar >> >> And for Pulsar source code, should we just list the git repo at >> https://github.com/apache/incubator-pulsar ? >> >> >> >> >> On Mon, Sep 25, 2017 at 1:32 PM Dave Fisher <dave2w...@comcast.net> wrote: >> >>> Hi Joe, >>> >>> I can help submit the form to the government and make the changes to the >>> ECCN page… >>> >>> To make the update I need to know the hrefs below: >>> >>> <Product> >>> <Name>Apache Pulsar</Name> >>> <Version> >>> <Names>Versions 1.20 and greater</Names> >>> <ECCN>5D002</ECCN> >>> <ControlledSource href="https://pulsar trunk"> >>> <Manufacturer>ASF</Manufacturer> >>> <Why> >>> Designed for use with the Bouncy Castle enryption libraries. >>> </Why> >>> </ControlledSource> >>> <ControlledSource href="https://path.to.pulsars.bouncy-castle.jar";> >>> <Manufacturer>Bouncy Castle</Manufacturer> >>> <Why>General-purpose encryption library</Why> >>> </ControlledSource> >>> </Version> >>> </Product> >>> >>> Regards, >>> Dave >>> >>> >>> On Sep 21, 2017, at 7:54 PM, Dave Fisher <dave2w...@comcast.net> wrote: >>> >>> Hi Joe, >>> >>> This is a good catch. I am traveling this week and can help with the >>> filing on Monday unless one of the other mentors can do so tomorrow. >>> >>> Regards, >>> Dave >>> >>> Sent from my iPhone >>> >>> On Sep 21, 2017, at 8:36 PM, Joe F <joefranc...@gmail.com> wrote: >>> >>> Hi Mentors, >>> >>> As I was going through the license verification for the next release >>> (1.20) , I happened to see this >>> http://www.apache.org/licenses/exports/ (which I'm calling the export >>> license page) >>> >>> Pulsar 1.20 release introduces encryption (as an optional feature), and it >>> uses Bouncycastle, and we were planning on including the Bouncy* jars in >>> the binary. >>> >>> Many Apache projects using Bouncycastle as listed on the export license >>> page. Do we need to list it Pulsar on the export license page now? If so, >>> how do we get it into there? >>> >>> Or should we just remove the BouncyCastle jars from the distribution and >>> leave it optional, letting users install it if needed? Users will need >>> to install it for building Pulsar from source. They wont need it for >>> running Pulsar, unless they use encryption. >>> >>> What's the guidance on this? >>> >>> Cheers, >>> Joe >>> >>> >>> >>> -- >> Matteo Merli >> <mme...@apache.org>
signature.asc
Description: Message signed with OpenPGP
