Seems Julia is in the clear, even with git. I only looked at the SHA1/git 
side now, and assuming git only has SHA1:

http://www.apache.org/dev/crypto.html

"DO DIGEST ALGORITHMS SUCH AS MD5 AND SHA1 REQUIRE NOTIFICATION? 
<http://www.apache.org/dev/crypto.html#faq-digest>

No. One-way algorithms such as MD5 or SHA1, or more sophisticated 
implementations, do not require notification - only encryption algorithms."



On Monday, March 28, 2016 at 6:24:13 PM UTC, Páll Haraldsson wrote:
>
>
>
> On Friday, March 18, 2016 at 4:39:38 PM UTC, Tony Kelman wrote:
>>
>> No Julia packages are distributed by default, only the Julia code 
>> included in Base.
>>
>> libgit2 is only used on julia master, command line git is included and 
>> used on julia 0.4 and earlier versions.
>>
>
> I found:
>
>
> http://stackoverflow.com/questions/19822627/encryption-in-or-used-by-libgit2-and-libgit2sharp-export-control-classification
>
> "libgit2 doesn't itself do encryption. It relies on openssl and libssh to 
> do this, but as open-source projects, they don't require ECCN's either."
>
> But also in comments:
> "It does have a SHA-1 implementation in src/hash/hash_generic.c as a 
> fall-back in case it doesn't link against OpenSSL (but those cases would be 
> rare)"
>
> I'm not sure if SHA-1 is a problem. I assume git to be similar to libgit2. 
> On Linux, Julia would need no crypto, "outsourcing" to [lib]git[2], that 
> would also outsource to the system software/OS.
>
> On Windows, it seems to me (from the download function), that Windows also 
> has crypto, and Julia wouldn't need to have.
>
>
> Strictly speaking, if git has [fallback] crypto then Julia would be 
> distributing it as a dependency. I'm not sure how easy it is to access for 
> other uses from Julia. Julia allows using libraries with ccall; could you 
> do it that way? At least in theory I think you can.
>
> -- 
> Palli.
>
>
>
>
