I don't have much to add. This is somewhat outside my area of expertise. Pinging legal list seems reasonable to me.
Patrick On Fri, Jan 17, 2014 at 2:21 PM, Andreas Neumann <[email protected]> wrote: > Thanks Bernd, for you input. I do consider it safe, too. But there is no > harm contacting the legal list, so did that and I am waiting for response. > -Andreas. > > > On Wed, Jan 15, 2014 at 8:35 AM, Bernd Fondermann < > [email protected]> wrote: > >> This, again, is a difficult topic to comprehend. The "guidelines" open more >> questions than they provide guidance. The important note from crypto.html >> is: "Note - the regulations [...] were changed on June 25th 2010. This page >> describes the previous process. [...] projects should check with the >> legal-discuss list before proceeding." >> >> From my PoV it is safe to assume that -- as you pointed out -- Twill is not >> distributing crypto. >> >> Bernd >> >> >> On Tue, Jan 14, 2014 at 11:28 PM, Andreas Neumann <[email protected]> wrote: >> >> > I am trying to finish the IP clearance and lookimng at TWILL-28, the >> crypto >> > audit. I read the guide at http://www.apache.org/dev/crypto.html and I >> am >> > quite sure what to do. >> > >> > Twill does not explicitly contain cryptographic code, but >> > >> > - It uses java.util.UUID.randomUUID() to generate random ids. This >> > method uses "a cryptographically strong pseudo random number >> generator." >> > Since it is part of Java, I assume that is nothing to worry about. >> > - It uses Hadoop, which uses encryption. The only thing twill does >> here >> > is store delegation tokens on HDFS and read them back. >> > >> > So is there anything to do for this? Do I need to add Twill to the export >> > list at http://www.apache.org/licenses/exports/ ? Do we need to include >> a >> > crypto notice in our README? It is not clear to me after reading the >> > document. >> > >> > Thanks -Andreas. >> > >>
