The instructions say "PMCs considering including cryptographic functionality within their products or specially designing their products to use other software with cryptographic functionality should take the following steps." It seems like we fall under the "specially designed" category.
On Tue, Apr 3, 2018 at 8:58 AM, Mike Walch <mwa...@apache.org> wrote: > The reason I asked this question is I don't see any crypto-related jars in > the binay distribution of Accumulo > and I don't think our source contains any cryptographic software. Does > anyone know of any case where > we include cryptographic software in the source or binary distribution? > > While Accumulo can be used with crypto libraries to encrypt data at rest, > it looks like we don't distribute > any cryptographic software so I would think the disclaimer could be > removed. > > On Mon, Apr 2, 2018 at 6:06 PM, Mike Drob <md...@apache.org> wrote: > > > We need it for the crypto libraries used for encryption at rest stuff. If > > you want to remove the disclaimer then you have to tear out those pieces > as > > well. > > > > Maybe this is not necessary any more with java 8 and changed default > > security policies? Would be good to check with Apache Legal before making > > changes. > > > > On Mon, Apr 2, 2018 at 10:01 PM, Mike Walch <mwa...@apache.org> wrote: > > > > > The Accumulo README.md[1] has an export control disclaimer. Does anyone > > > know the reasoning for it? Would anyone be opposed if it was removed? > > > > > > [1]: https://github.com/apache/accumulo/blob/master/README.md > > > > > >
