Author: jfthomps
Date: Tue Jul 18 21:26:55 2017
New Revision: 1802341
URL: http://svn.apache.org/viewvc?rev=1802341&view=rev
Log:
VCL-1053 - Prepare VCL 2.5 release
README - added TSU notification section
Modified:
vcl/trunk/README
Modified: vcl/trunk/README
URL:
http://svn.apache.org/viewvc/vcl/trunk/README?rev=1802341&r1=1802340&r2=1802341&view=diff
==============================================================================
--- vcl/trunk/README (original)
+++ vcl/trunk/README Tue Jul 18 21:26:55 2017
@@ -141,3 +141,35 @@ included under web/.ht-inc/phpseclib.
Spyc version 0.5.1 (https://github.com/mustangostang/spyc/) is included under
web/.ht-inc/spyc-0.5.1.
+
+================================================================================
+TSU NOTIFICATION - Encryption
+
+This distribution includes cryptographic software. The country in which you
+currently reside may have restrictions on the import, possession, use, and/or
+re-export to another country, of encryption software. BEFORE using any
+encryption software, please check your country's laws, regulations and policies
+concerning the import, possession, or use, and re-export of encryption
software,
+to see if this is permitted. See <http://www.wassenaar.org/> for more
+information.
+
+The U.S. Government Department of Commerce, Bureau of Industry and Security
+(BIS), has classified this software as Export Commodity Control Number (ECCN)
+5D002.C.1, which includes information security software using or performing
+cryptographic functions with asymmetric algorithms. The form and manner of this
+Apache Software Foundation distribution makes it eligible for export under the
+License Exception ENC Technology Software Unrestricted (TSU) exception (see the
+BIS Export Administration Regulations, Section 740.13) for both object code and
+source code.
+
+The following provides more details on the included cryptographic software:
+
+The web and backend portions of the code utilize php and perl functions to
+encrypt password information stored in the database. The web code utilizes php
+functions to encrypt cookie information passed to and stored in users'
browsers.
+The backend code uses openssh to connect to and control deployed nodes. openssh
+heavily uses encryption.
+
+Addionally, the web portion of the code includes portions of the phpseclib
+library. This library is only used for PHP versions not supporting the function
+"openssl_encrypt" (supported since PHP 5.3.0).
