On 8/30/07, Mark Brouwer <[EMAIL PROTECTED]> wrote: > Based on a posting passing by in [EMAIL PROTECTED] related to > a project using cryptographic functions, I'm utterly confused. I quote > from a Board Meeting that has been posted to that list: > > "In the long term, using rat or similar scanning to pick up any > crypto dependencies would be helpful. But that doesn't relieve > any projects from complying with the export notification policy. > > It seems that this process will need tweaking for Incubation > projects since (at the moment) we use per-project data collection, > and all of incubator falls under a single project.
Yes, the Incubator PMC (whom I added to this mail, hence I'm quoting entirely) should be the ultimate responsible for this process. > We should probably make this part of the entry requirements for > a project so that the issue is noted long before files exist in > subversion." > > This is different as it appears to me from what has been discussed > before here when I raised a similar question, where it was stated by > Geir that we only need to take care of this at release time. > > How I read the Board note and the FAQ at > http://www.apache.org/dev/crypto.html it seems we had to notify the U.S. > Government already of the JTSK codebase entering SVN. > > Any comments? I think your reading is fine: we've got some homework to do. Any takers? Any specific instructions from the PMC? Ciao, -- Gianugo Rabellino Sourcesense, making sense of Open Source: http://www.sourcesense.com Orixo, the XML business alliance: http://www.orixo.com (blogging at http://www.rabellino.it/blog/)
