Hi, Sorry for spotting this..
Apache Commons Crypto is not listed on http://www.apache.org/licenses/exports/ - does it need to be? (One would assume so..) Also it was raised that Commons VFS depends on Bouncy Castle/Apache Mina/Jetty/SSHD/Hadoop/jsch and has encryption binding for AES128 - perhaps that also needs to be listed and registered? We only have listed: Commons Compress Commons OpenPGP See guidance on http://www.apache.org/dev/crypto.html BTW - I've raised https://issues.apache.org/jira/browse/LEGAL-250 to see if merely using a listed source as a Maven <dependency> means you also are classified - or if you would need to also bundle the dependency's binary (which I think we don't do). -- Stian Soiland-Reyes Apache Taverna (incubating), Apache Commons RDF (incubating) http://orcid.org/0000-0001-9842-9718 --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org