Simone Gianni wrote:
Hi Bernd,
I'm not explicitly using any cryptographic code in my Magma lab, it's
Maven based and I'm not even using (at least directly) any cryptographic
library. I don't know if some of my dependencies may have a transitive
dependency to a cryptographic library or a library containing some
cryptographic code.
Probably you are fine then. Anything crypto-related which is in SVN or
actively distributed qualifies for a export notification.
maybe
mvn dependency:tree
helps.
What should I write and where? :D Is there a notation for "No crypto
code inside"? I think this is the most common case for labs, so maybe
clarifying this case could help also others.
For more info please refer to http://apache.org/dev/crypto and the
linked FAQ. I am not an expert on this matter, so if you have concrete
questions just ask and we will find someone who can answer this.
Thanks,
Bernd
Simone
Bernd Fondermann wrote:
Fellow researchers,
Another try to get this rolling. And yes, we are late.
According to ASF policy[1] we need to put up crypto notices for every
lab which incorporates cryptographic code/libraries etc.
I kindly ask all PIs and others to report all usages they are aware
of. For those labs which fail to do this, some voices advocated the
immediate removable from svn, although I think we get this figured out
without removing any code from out repository :-)
A first step would be to report to this list, and to attach to a JIRA
item a patch like you see at LABS-134.
Within a week I will then collect these items and process them all at
once.
Thanks,
Bernd
[1] http://apache.org/dev/crypto
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
