[ https://issues.apache.org/jira/browse/JENA-1169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15625047#comment-15625047 ]
ASF GitHub Bot commented on JENA-1169: -------------------------------------- Github user asfgit closed the pull request at: https://github.com/apache/jena/pull/187 > Is Jena US Export classified due to encryption in dependencies? > --------------------------------------------------------------- > > Key: JENA-1169 > URL: https://issues.apache.org/jira/browse/JENA-1169 > Project: Apache Jena > Issue Type: Bug > Components: Build > Reporter: Stian Soiland-Reyes > > Hi - apologies for finding this.. > I just noticed on > http://www.apache.org/licenses/exports/ > includes US export classified tools from ASF: > Apache HttpComponents Core 4.0 and later > Apache HttpComponents Client 4.0 and later > Apache Hadoop 17.0 and later > See also: > http://www.apache.org/dev/crypto.html#faq-manyproducts > We redistribute Apache HTTP Components in the Jena and Fuseki binary > distributions. We don't distribute Hadoop - we only link to it from Elephas. > Reading ASF's FAQ it is not clear if we would need to be listed just from > having a <dependency> on such a classified item. > Would we therefore also need to also declare Jena as classified? Or is the > transitivity broken because Jena only use the encryption (e.g. access > https:// JSON-LD contexts)? > (This transitivity thing could mean anyone in the US distributing software > using Jena would be US Export regulated. I hope I am wrong.. worth checking > with LEGAL I think) > BTW this was discussed in 2011 - but I believe we since removed BouncyCastle > dependency: > http://mail-archives.apache.org/mod_mbox/jena-dev/201108.mbox/%3c4e3ff7e8.1060...@epimorphics.com%3E > h2. Draft eccnmatrix.xml additions > To be added to > https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/eccnmatrix.xml > and then published to http://www.apache.org/licenses/exports/ > See http://www.apache.org/dev/crypto.html#sources > {code:xml} > <Project id="jena" href="http://jena.apache.org"> > <Name>Apache Jena</Name> > <Contact><Name>Andy Seaborne</Name></Contact> > <Product> > <Name>Apache Jena</Name> > <Version> > <Names>development</Names> > <ECCN>5D002</ECCN> > <ControlledSource > href="https://git-wip-us.apache.org/repos/asf/jena.git"> > <Manufacturer>ASF</Manufacturer> > <Why>Use Apache HTTPComponents Client</Why> > </ControlledSource> > <ControlledSource > href="http://svn.apache.org/repos/asf/httpcomponents/httpcore/"> > <Manufacturer>ASF</Manufacturer> > <Why>Designed for use with Java Secure Socket Extension (JSSE)</Why> > </ControlledSource> > <ControlledSource > href="http://archive.apache.org/dist/httpcomponents/httpcore/"> > <Manufacturer>ASF</Manufacturer> > <Why>Designed for use with Java Secure Socket Extension (JSSE)</Why> > </ControlledSource> > </Version> > <Version> > <Names>2.7.0-incubating and later</Names> > <ECCN>5D002</ECCN> > <ControlledSource href="http://archive.apache.org/dist/jena/source/"> > <Manufacturer>ASF</Manufacturer> > <Why>Use Apache HTTPComponents Client</Why> > </ControlledSource> > <ControlledSource href="http://archive.apache.org/dist/jena/binaries/"> > <Manufacturer>ASF</Manufacturer> > <Why>Include Apache HTTPComponents Client</Why> > </ControlledSource> > </Version> > </Product> > <Product> > <Name>Apache Jena Fuseki</Name> > <Version> > <Names>development</Names> > <ECCN>5D002</ECCN> > <ControlledSource > href="https://git-wip-us.apache.org/repos/asf/jena.git"> > <Manufacturer>ASF</Manufacturer> > <Why>Use Apache HTTPComponents Client, Apache Shiro</Why> > </ControlledSource> > <ControlledSource > href="http://svn.apache.org/repos/asf/httpcomponents/httpcore/"> > <Manufacturer>ASF</Manufacturer> > <Why>Designed for use with Java Secure Socket Extension (JSSE)</Why> > </ControlledSource> > <ControlledSource > href="http://archive.apache.org/dist/httpcomponents/httpcore/"> > <Manufacturer>ASF</Manufacturer> > <Why>Designed for use with Java Secure Socket Extension (JSSE)</Why> > </ControlledSource> > <ControlledSource href="http://archive.apache.org/dist/shiro/"> > <Manufacturer>ASF</Manufacturer> > <Why>Designed for use with Java Cryptography Extensions (JCE)</Why> > </ControlledSource> > </Version> > <Version> > <Names>0.2.1-incubating and later</Names> > <ECCN>5D002</ECCN> > <ControlledSource href="http://archive.apache.org/dist/jena/source/"> > <Manufacturer>ASF</Manufacturer> > <Why>Use Apache HTTPComponents Client, Apache Shiro</Why> > </ControlledSource> > <ControlledSource href="http://archive.apache.org/dist/jena/binaries/"> > <Manufacturer>ASF</Manufacturer> > <Why>Include Apache HTTPComponents, Apache Shiro, Apache Solr, > Jetty</Why> > </ControlledSource> > <ControlledSource > href="http://svn.apache.org/repos/asf/httpcomponents/httpcore/"> > <Manufacturer>ASF</Manufacturer> > <Why>Designed for use with Java Secure Socket Extension (JSSE)</Why> > </ControlledSource> > <ControlledSource > href="http://archive.apache.org/dist/httpcomponents/httpcore/"> > <Manufacturer>ASF</Manufacturer> > <Why>Designed for use with Java Secure Socket Extension (JSSE)</Why> > </ControlledSource> > <ControlledSource href="http://archive.apache.org/dist/shiro/"> > <Manufacturer>ASF</Manufacturer> > <Why>Designed for use with Java Cryptography Extensions (JCE)</Why> > </ControlledSource> > <ControlledSource href="http://www.apache.org/dist/lucene/solr/"> > <Manufacturer>ASF</Manufacturer> > <Why>Designed for use with the Apache Tika API in the > contrib/extraction libraries</Why> > </ControlledSource> > <ControlledSource href="http://eclipse.org/jetty"> > <Manufacturer>The Eclipse Foundation</Manufacturer> > <Why>SSL library for Jetty</Why> > </ControlledSource> > </Version> > </Product> > </Project> > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)