On Feb 4, 2008 8:38 AM, Jeremias Maerki <[EMAIL PROTECTED]> wrote: > That's only applicable if your company is based in the U.S. The Apache > Software Foundation is located in the U.S. and "exports" cryptography to > all the world. Based on US law it has to go through this "paperwork". If > your country has similar (IMO ineffective) laws you may have to do > similar work. > > > On 03.02.2008 11:48:30 Litrik De Roy wrote: > > Hi, > > > > Tika uses some cryptography code from the Bouncy Castle through > > PDFBox. In https://issues.apache.org/jira/browse/TIKA-118 some > > paperwork was done for the US exports regulation compliance. > > > > What is the impact of all this when I build something on top of Tika > > (like an Eclipse plugin) and distribute it? > > Since I would be re-exporting the crypto code, do I need to go through > > all that paperwork as well?
The crypto notice in the apache FAQ at http://www.apache.org/dev/crypto.html states: "BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See <http://www.wassenaar.org/> for more information." I live in Belgium. Technically I would be re-exporting the crypto code. IANAL, but Belgium participates in the Wassenaar Arrangement so it looks like I might have to do similar paperwork. Kinda hard to do without contact information at http://www.wassenaar.org/participants/contacts.html#Belgium All of a sudden, writing an Eclipse plug-in on top of Tika seems a lot less interesting (especially without a large organization like Apache taking care of legal issues). Does Tika work if I leave out the crypto libraries? -- Litrik De Roy Norio ICT Consulting - http://www.norio.be/
