Dear Wiki user, You have subscribed to a wiki page or wiki category on "Turbine Wiki" for change notification.
The following page has been changed by ScottEade: http://wiki.apache.org/turbine/BoardReport-February2008 The comment on the change is: Fixes and comments please - this is due soon. New page: == Apache Turbine Project Board Report, February 2008 == === Status === There has been good progress towards resolving the outstanding ECCN issues within the Turbine project. See below for details. The final tasks relating to Turbine becoming a TLP have ''finally'' been completed - the mirrored downloads and archived releases have been moved from jakarta to turbine directories. Other than this the Turbine project continues on with a fairly low level of activity. The Turbine project has no board-level issues at this time. ==== ECCN Status and activity ==== [Siegfried : Can you please review the following for accuracy.] While this issue has been highlighted by Bill for the current round of reports, it has been on our radar for some time now. The following areas '''''had''''' the potential to require ECCN registration due to their use of a "symmetric algorithm employing a key length exceeding 56 bits" and/or because they "were designed to work with strong cryptographic libraries": 1. fulcrum-crypto - used the cryptix library 1. The Crypto Service in Turbine Core, from which fulcrum-crypto was extracted - also used the cryptix library 1. fulcrum-yaafi - supports decryption of strongly encrypted configuration files 1. fulcrum-pbe - supports strong encryption/decryption of files In particular, the following actions have taken place: * the cryptix dependency has been removed from fulcrum-crypto and Turbine core's Crypto Service (replaced with org.apache.jetspeed.services.security.ldap.UnixCrypt from the JetSpeed Portal project). * the exposed interfaces and underlying implementation of fulcrum-yaafi and fulcrum-pbe have been modified to ensure that only DES (56 bit key length) can be used (strong encryption was never used but was available through the exposed interfaces). It is our understanding that after our next release of the following components, no aspects of the Apache Turbine project will require ECCN registration: * fulcrum-crypto-1.0.7 - ETA some time in the next few weeks * turbine-2.3.3 - ETA some time in the next month or so * fulcrum-yaafi-1.0.6 - ETA some time in the next few weeks * fulcrum-pbe-1.0.0 - Not yet a released component so no release required in order to comply. === Community changes === No new committers were voted in since the last board report. No new PMC members were voted in since the last board report. === Turbine core project === The Turbine Core trunk and turbine-site modules have been updated to ASL 2.0 - this was long overdue and is in preparation for a future release. The changes to fulcrum-crypto have been backported to the Crypto Service so as to eliminate the ECCN registration requirement for Turbine core. We are working on releasing Turbine 2.3.3 - this has primarily been waiting on the DB Project's Torque 3.3 release which is likely to appear in the next couple of weeks. No beta or final releases were made since the last board report. === Fulcrum component project === Mostly ECCN related activity, but progress on migrating from Maven 1.x to Maven 2.x for project builds has commenced. No beta or final releases were made since the last board report. === META project === No beta or final releases were made since the last board report. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
