This, again, is a difficult topic to comprehend. The "guidelines" open more questions than they provide guidance. The important note from crypto.html is: "Note - the regulations [...] were changed on June 25th 2010. This page describes the previous process. [...] projects should check with the legal-discuss list before proceeding."
>From my PoV it is safe to assume that -- as you pointed out -- Twill is not distributing crypto. Bernd On Tue, Jan 14, 2014 at 11:28 PM, Andreas Neumann <[email protected]> wrote: > I am trying to finish the IP clearance and lookimng at TWILL-28, the crypto > audit. I read the guide at http://www.apache.org/dev/crypto.html and I am > quite sure what to do. > > Twill does not explicitly contain cryptographic code, but > > - It uses java.util.UUID.randomUUID() to generate random ids. This > method uses "a cryptographically strong pseudo random number generator." > Since it is part of Java, I assume that is nothing to worry about. > - It uses Hadoop, which uses encryption. The only thing twill does here > is store delegation tokens on HDFS and read them back. > > So is there anything to do for this? Do I need to add Twill to the export > list at http://www.apache.org/licenses/exports/ ? Do we need to include a > crypto notice in our README? It is not clear to me after reading the > document. > > Thanks -Andreas. >
