Re: podling BIS notifications (jars in svn & crypto)

From: Michael Gentry (blacknex..mail.com)
Date: Thu Feb 22 2007 - 08:46:25 EST

    I certainly don't mind having this cleared by legal and it is a good discussion.

    I've had a bit more sleep and caffeine now and went over to
    http://www.apache.org/dev/crypto.html and just read this bit:

    "The U.S. Government Department of Commerce, Bureau of Industry and
    Security (BIS), has classified this software as Export Commodity
    Control Number (ECCN) 5D002.C.1, which includes information security
    software using or performing cryptographic functions with asymmetric
    algorithms."

    ROT-13 and ROT-47 (the only ones we provide) are symmetrical
    algorithms. To quote the Wikipedia (yeah, I know some people don't
    feel it is definitive about anything):

    "An additional feature of the cipher is that it is symmetrical; that
    is, to undo ROT13, the same algorithm is applied, so the same code can
    be used for encoding and decoding."

    This still feels like a non-issue to me, but worthy of discussion and
    perhaps feedback from Apache legal. And if anyone really feels ROT-13
    is secure, I know a 6-year-old girl with a sheet of paper that can
    hack their system. (She uses it to send "secret" messages to her
    grandmother.) :-)

    Mike K. did raise an interesting point about if Cayenne Modeler starts
    using Derby instead of HSQL, what does that mean for us? Would we
    only need the BIS/etc if we run the preferences DB with encryption (I
    can't imagine we would -- no reason to)?

    Thanks again!

    /dev/mrg

    On 2/22/07, Mike Kienenberger <mkienen..mail.com> wrote:
    > Jean,
    >
    > Thank you for looking into this. I guess at some point I should join
    > legal-discuss, but I already feel I'm overloaded with apache mailing
    > lists :-)
    >
    > On 2/22/07, Jean T. Anderson <jt..ristowhill.com> wrote:
    > > Mike Kienenberger wrote:
    > > > ... if we start providing derby as a component of
    > > > cayenne, then we are subject to the export regs.
    > >
    > > I just posted a question to legal-discuss asking if an Apache product
    > > includes any product listed at http://www.apache.org/licenses/exports/,
    > > does it need to also do the BIS notification.
    > >
    > > -jean
    > >
    > >
    >


