Thanks!
I think we need to work more on https://www.apache.org/dev/crypto.html
to add the kind of considerations to make to decide if some software
needs to be registered or not, perhaps suggest various "escape
hatches".
Now we can proceed with the Taverna RCs :)
On 21 May 2016 at 22:24, Ted
I just sent this notification. I added a small amount of language to the
notification and added secretary@a.o as a cc and as a contact point.
Thanks to the Taverna community for laying the groundwork so assiduously.
This is a notoriously opaque area which you have illuminated nicely.
On Thu,
Hi, Taverna is still waiting for the ECCN registration for Taverna to
be sent in from Ted before we can continue to prepare our next release
candiates.
Taverna's listing is now live on:
https://www.apache.org/licenses/exports/
See draft email on
We documented it in https://issues.apache.org/jira/browse/TAVERNA-959
and on
https://cwiki.apache.org/confluence/display/TAVERNADEV/Taverna+Cryptography+review
See also
I would be happy if Taverna doesn't meet the ECCN registration criteria :)
I think we are not exempt overall from the 2010 decontrolling:
https://www.bis.doc.gov/index.php/policy-guidance/encryption/identifying-encryption-items#Three
because we do a lot of "sending and receiving information" -
Ted,
I think that's my point. It sounds like taverna doesn't meet the criteria.
John
On May 5, 2016 13:07, "Ted Dunning" wrote:
> John,
>
> I love what you do and respect what you say, but do you have a citation for
> that registration requirement? Taverna isn't
John,
I love what you do and respect what you say, but do you have a citation for
that registration requirement? Taverna isn't distributing JSSE and it
allows weak encryption.
On Wed, May 4, 2016 at 7:36 PM, John D. Ament wrote:
> That's the thing, JSSE is an add-on
That's the thing, JSSE is an add-on encryption component in Java. If the
product requires it, you have to register it.
Ideally the product shouldn't require it and make it an optional feature to
enable.
The latter is just my $0.02
John
On May 4, 2016 21:30, "Ted Dunning"
My guess is that this would fall to me.
There is considerable analysis to be done to determine whether filing is
required.
Are you guys documenting the decision points?
On Wed, May 4, 2016 at 4:45 AM, Stian Soiland-Reyes
wrote:
> On 2 May 2016 at 03:23, Stian Soiland-Reyes
On 2 May 2016 at 03:23, Stian Soiland-Reyes wrote:
> Formally - would it need to be the Incubator PMC chair sending the
> ECCN encryption email?
Could anyone from IPMC (e.g. our mentors) do it, or just Ted Dunning?
--
Stian Soiland-Reyes
Apache Taverna (incubating), Apache
MG>hopefully quick answer
> From: st...@apache.org
> Date: Mon, 2 May 2016 17:45:12 +0100
> Subject: Re: ECCN cryptography reporting?
> To: general@incubator.apache.org
>
> Thanks!
>
> We did a dependency clean-up (but not upgrade) as part of license
>
Thanks!
We did a dependency clean-up (but not upgrade) as part of license
review. We want to delay some of the upgrades (e.g. to OSGI 5) until
after getting the first full command line release out as this is what
pulls together everything in its lib/.
(Thus this is also why we need to do the
with other apache products to reduce code bloat and reduce deprecated packages
you might want to run
maven dependency:treemvn dependency:tree -Dverbose
https://maven.apache.org/plugins/maven-dependency-plugin/examples/resolving-conflicts-using-the-dependency-tree.html
compare delta(s) with
emma
13 matches
Mail list logo