Thanks Bernd, for you input. I do consider it safe, too. But there is no harm contacting the legal list, so did that and I am waiting for response. -Andreas.
On Wed, Jan 15, 2014 at 8:35 AM, Bernd Fondermann < [email protected]> wrote: > This, again, is a difficult topic to comprehend. The "guidelines" open more > questions than they provide guidance. The important note from crypto.html > is: "Note - the regulations [...] were changed on June 25th 2010. This page > describes the previous process. [...] projects should check with the > legal-discuss list before proceeding." > > From my PoV it is safe to assume that -- as you pointed out -- Twill is not > distributing crypto. > > Bernd > > > On Tue, Jan 14, 2014 at 11:28 PM, Andreas Neumann <[email protected]> wrote: > > > I am trying to finish the IP clearance and lookimng at TWILL-28, the > crypto > > audit. I read the guide at http://www.apache.org/dev/crypto.html and I > am > > quite sure what to do. > > > > Twill does not explicitly contain cryptographic code, but > > > > - It uses java.util.UUID.randomUUID() to generate random ids. This > > method uses "a cryptographically strong pseudo random number > generator." > > Since it is part of Java, I assume that is nothing to worry about. > > - It uses Hadoop, which uses encryption. The only thing twill does > here > > is store delegation tokens on HDFS and read them back. > > > > So is there anything to do for this? Do I need to add Twill to the export > > list at http://www.apache.org/licenses/exports/ ? Do we need to include > a > > crypto notice in our README? It is not clear to me after reading the > > document. > > > > Thanks -Andreas. > > >
