[
https://issues.apache.org/jira/browse/TWILL-28?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13874224#comment-13874224
]
Andreas Neumann commented on TWILL-28:
--------------------------------------
Twill does not explicitly contain cryptographic code, but
* It uses java.util.UUID.randomUUID() to generate random ids. This method uses
"a cryptographically strong pseudo random number generator." Since it is part
of Java, I assume that is nothing to worry about.
* It uses Hadoop, which uses encryption. The only thing twill does here is
store delegation tokens on HDFS and read them back.
So is there anything to do for this? Do I need to add Twill to the export list
at http://www.apache.org/licenses/exports/ ? Do we need to include a crypto
notice in our README? It is not clear to me after reading the document.
> Audit Cryptography
> -------------------
>
> Key: TWILL-28
> URL: https://issues.apache.org/jira/browse/TWILL-28
> Project: Apache Twill
> Issue Type: Sub-task
> Reporter: Andreas Neumann
> Assignee: Andreas Neumann
>
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
