Test dependency should be fine. The SSHD and JSch integration is however probably not OK without classification.
I think integrating with "encryption functionality" (without bundling) is sufficient to become an "encryption item": http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201605.mbox/%3CD35026DE.692DB%25aharui%40adobe.com%3E https://www.bis.doc.gov/index.php/policy-guidance/encryption/identifying-encryption-items Let's try to sort this in the separate thread: http://mail-archives.apache.org/mod_mbox/commons-dev/201605.mbox/%3CCAB917R%2BuGHPiOUUq_F48n3-m-nKdgrgndcBkmpmA%3DS1H3Ngs5Q%40mail.gmail.com%3E It could be that Apache's pages about this is out of date. On 4 May 2016 at 18:50, Jörg Schaible <joerg.schai...@gmx.de> wrote: > Hi Stian, > > Stian Soiland-Reyes wrote: > > > [snip] > >> -1 Unclassified use of encryption libraries Bouncy Castle/Apache >> Mina/SSHD/Hadoop/jsch/Jetty (plus some AES128 in DefaultCryptor) - but >> Commons VFS is not classified on >> http://www.apache.org/licenses/exports/ > > > Sorry, but I fail to see the problem. BC is used as test dependency only and > it is nowhere part of our deliveries or used in our code. AES128 is part of > the Java runtime. > > Cheers, > Jörg > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > -- Stian Soiland-Reyes Apache Taverna (incubating), Apache Commons RDF (incubating) http://orcid.org/0000-0001-9842-9718 --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
