MG>hopefully quick answer
> From: st...@apache.org > Date: Mon, 2 May 2016 17:45:12 +0100 > Subject: Re: ECCN cryptography reporting? > To: general@incubator.apache.org > > Thanks! > > We did a dependency clean-up (but not upgrade) as part of license > review. We want to delay some of the upgrades (e.g. to OSGI 5) until > after getting the first full command line release out as this is what > pulls together everything in its lib/. > > (Thus this is also why we need to do the encryption review now). > > > I used > > mvn dependency:tree -DoutputFile=`pwd`/target/tree.txt -DappendOutput=true > > to check what dependencies we are using across modules - obviously all > the Apache ones are easy to check against > http://www.apache.org/licenses/exports/ > > but it's harder to check if any of the others are classified or not > beyond heavy googling - e.g. > Jetty is apparantly classified according to > https://dev.eclipse.org/mhonarc/lists/jetty-users/msg05898.html MG>you can use RAT-REPORTMG>http://creadur.apache.org/rat/apache-rat-plugin/rat-mojo.html > > > I wonder if Apache Whisker folks would have any thoughts on how > generating/checking for encryption export dependencies should be > simplified - you would think something like a > META-INF/EXPORT-RESTRICTED in the dependency JARs would work. > (Although some projects put their encryption classification in NOTICE > - I understand this is discouraged?) > > > Emma seems a bit abandoned (e.g. no Maven 2 plugin) - I know Commons > now use Cobertura and/or JaCoCo - but perhaps those are better to > check coverage of your own code rather than the dependencies. MG>when I first started build/release management 14 years ago I was using Ant so Clover was the only code-coverage utilityhttps://confluence.atlassian.com/display/CLOVER/Clover-for-Maven+2+and+3+User's+Guide MG>emma gained a foothold about 10 years ago when I switched to maven but I also wanted code-coverage for Aspectj MG>I asked the contributors how to add AspectJ but i have yet to hear back..MG>this is sad when the author abandons the project and wont let anyone else update the codehttp://emma.sourceforge.net/maven-emma-plugin/team-list.html MG>Cobertura has been mentioned continuously by maven devs so I think this is the most implemented used code-coverage plugin http://cobertura.github.io/cobertura/ > > > On 2 May 2016 at 11:22, Martin Gainty <mgai...@hotmail.com> wrote: > > with other apache products to reduce code bloat and reduce deprecated > > packages you might want to run > > maven dependency:treemvn dependency:tree -Dverbose > > https://maven.apache.org/plugins/maven-dependency-plugin/examples/resolving-conflicts-using-the-dependency-tree.html > > compare delta(s) with > > emma code coveragehttp://emma.sourceforge.net/ > > as I have some spare cycles let me know if I can be of any assistance > > Thanks Stian > > Martin > > > > > > > >> From: st...@apache.org > >> Date: Mon, 2 May 2016 03:23:42 +0100 > >> Subject: ECCN cryptography reporting? > >> To: general@incubator.apache.org > >> > >> Hi, > >> > >> Taverna is preparing its cryptography registration for US Export purposes: > >> > >> https://cwiki.apache.org/confluence/display/TAVERNADEV/Taverna+Cryptography+review > >> > >> > >> We want to have this sorted before we make the next release candidate > >> - but we're awaiting LEGAL-250 to see if we can reduce the list of > >> transitive dependencies in this list - it feels excessive if "anything > >> that can do https" needs to be listed (that would presumably affect > >> many more projects) > >> > >> > >> See also http://www.apache.org/dev/crypto.html and already classified > >> ASF products on http://www.apache.org/licenses/exports/ > >> > >> > >> > >> Formally - would it need to be the Incubator PMC chair sending the > >> ECCN encryption email? > >> > >> I'll let you know when it's ready to send. > >> > >> -- > >> Stian Soiland-Reyes > >> Apache Taverna (incubating), Apache Commons RDF (incubating) > >> http://orcid.org/0000-0001-9842-9718 > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > >> For additional commands, e-mail: general-h...@incubator.apache.org > >> > > > > > > -- > Stian Soiland-Reyes > Apache Taverna (incubating), Apache Commons RDF (incubating) > http://orcid.org/0000-0001-9842-9718 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org >
