Am 26.09.25 um 11:21 schrieb Dominik Csapak: > I'm not a lawyer, but are you sure we are compliant with this? > > the https client will use encryption, so it's not like we don't use > encryption at all. (Especially with the cupertino_http package)
We use it, but we do not implement it, which is the key point here. > I guess this is exempt, but having some reference for that (aside > some medium/reddit post) would be nice. > > At least some kind of rationale in the commit would be good. > (IMHO 'we don't use proprietary encryption' is not a good reason > when also 'standard encryption' falls under the export regulation...) > > @Thomas, what do you think? We basically only need to check if any of the used dependencies implements the (lower level) encryption that HTTPS builds upon themselves, compared to using the platform libraries for that. And doing so would be good in any case, which would be an actual blocker for us anyway, i.e. independent of legal compliance with app stores, as that needs to be thoroughly vetted then, and even if we could to that (which I don't think we got the capacity to thoroughly do for this, especially considering the ROI here), would still need other to feel somewhat confident. I quickly checked cupertino_http [0], and from what I saw it uses only iOS platform native interfaces for TLS and the like, if that holds true (please check closer), we would be indeed compliant and can indeed signal this through setting ITSAppUsesNonExemptEncryption flag to false. [0]: https://github.com/dart-lang/http/tree/master/pkgs/cupertino_http/lib/src _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
