All, I just noticed that Tika seems to reference bouncycastle somehow (for S/MIME parsing, I guess?). Now IANAL and all that, but given the recent discussions on legal-discuss, I just wanted to raise this here. If Tika depends on bouncycastle, we may need to take action to be sure to comply with US export regulations:
PMCs considering including cryptographic functionality within their products or specially designing their products to use other software with cryptographic functionality should take the following steps before placing such code on any ASF server, including commits to subversion: 1. Check the Export Control Classification Number (ECCN). 2. Update the Exports Page with Source Links. 3. Notify the U.S. Government of the new code. 4. Inform users with a crypto notice in the distribution's README and download pages. This is from: http://www.apache.org/dev/crypto.html Bouncycastle is listed here: http://www.apache.org/licenses/exports/ Anybody have any insight into this? --Thilo
