OK, best I could tell, simply linking against OpenSSL and using Java TLS stuff is enough to trigger this notification requirement, and there are no real downsides of going through it. (it's just a notification, no need to wait for review/approval). So, I went ahead and registered us, and I think we're safe to move forward.
I also added some content to our docs here: https://gerrit.cloudera.org/#/c/4905/ -Todd On Mon, Oct 31, 2016 at 12:29 PM, Todd Lipcon <t...@cloudera.com> wrote: > Hey devs, > > I've been looking at this page this morning: > https://www.apache.org/dev/crypto.html > > Still parsing through the fine print, but it seems like we may need to > register Kudu as "containing cryptographic software" before we commit any > of the currently in-flight patches which integrate with OpenSSL. > > I'll do a little further reading on this topic, but please hold off on > pushing any SSL-related code until we've determined whether this is > necessary. Of course code reviews can continue :) > > -Todd > -- > Todd Lipcon > Software Engineer, Cloudera > -- Todd Lipcon Software Engineer, Cloudera
