Author: jfthomps Date: Tue Jul 18 21:26:55 2017 New Revision: 1802341 URL: http://svn.apache.org/viewvc?rev=1802341&view=rev Log: VCL-1053 - Prepare VCL 2.5 release
README - added TSU notification section Modified: vcl/trunk/README Modified: vcl/trunk/README URL: http://svn.apache.org/viewvc/vcl/trunk/README?rev=1802341&r1=1802340&r2=1802341&view=diff ============================================================================== --- vcl/trunk/README (original) +++ vcl/trunk/README Tue Jul 18 21:26:55 2017 @@ -141,3 +141,35 @@ included under web/.ht-inc/phpseclib. Spyc version 0.5.1 (https://github.com/mustangostang/spyc/) is included under web/.ht-inc/spyc-0.5.1. + +================================================================================ +TSU NOTIFICATION - Encryption + +This distribution includes cryptographic software. The country in which you +currently reside may have restrictions on the import, possession, use, and/or +re-export to another country, of encryption software. BEFORE using any +encryption software, please check your country's laws, regulations and policies +concerning the import, possession, or use, and re-export of encryption software, +to see if this is permitted. See <http://www.wassenaar.org/> for more +information. + +The U.S. Government Department of Commerce, Bureau of Industry and Security +(BIS), has classified this software as Export Commodity Control Number (ECCN) +5D002.C.1, which includes information security software using or performing +cryptographic functions with asymmetric algorithms. The form and manner of this +Apache Software Foundation distribution makes it eligible for export under the +License Exception ENC Technology Software Unrestricted (TSU) exception (see the +BIS Export Administration Regulations, Section 740.13) for both object code and +source code. + +The following provides more details on the included cryptographic software: + +The web and backend portions of the code utilize php and perl functions to +encrypt password information stored in the database. The web code utilizes php +functions to encrypt cookie information passed to and stored in users' browsers. +The backend code uses openssh to connect to and control deployed nodes. openssh +heavily uses encryption. + +Addionally, the web portion of the code includes portions of the phpseclib +library. This library is only used for PHP versions not supporting the function +"openssl_encrypt" (supported since PHP 5.3.0).