Based on a posting passing by in [EMAIL PROTECTED] related to a project using cryptographic functions, I'm utterly confused. I quote from a Board Meeting that has been posted to that list:
"In the long term, using rat or similar scanning to pick up any crypto dependencies would be helpful. But that doesn't relieve any projects from complying with the export notification policy. It seems that this process will need tweaking for Incubation projects since (at the moment) we use per-project data collection, and all of incubator falls under a single project. We should probably make this part of the entry requirements for a project so that the issue is noted long before files exist in subversion." This is different as it appears to me from what has been discussed before here when I raised a similar question, where it was stated by Geir that we only need to take care of this at release time. How I read the Board note and the FAQ at http://www.apache.org/dev/crypto.html it seems we had to notify the U.S. Government already of the JTSK codebase entering SVN. Any comments? -- Mark
