Hi Jukka, Am Montag, den 28.01.2008, 11:11 +0200 schrieb Jukka Zitting: > The ASF board is asking all TLPs to review their use of cryptography > and to check that the requirements of the export control policy [1] > are met. Does Sling use cryptography somewhere? If not, it would be > good to add a short note like: "No export control notifications are > needed for Apache Sling."
Yes, Sling does not use crypto and does not contain explicit hooks to use crypto. > > BTW, while trying to review the above I found no clear place where all > the Sling dependencies were listed. Is there any, or could we come up > with one? There is no combined list of dependencies currently. But off the top of my head, the dependencies are three-fold: - Java Runtime (java.* and javax.*) - Apache libraries (jackrabbit, commons, ...) - Thirdparty: CGLIB, Jetty, KXml (I think, that is about it) To get a complete list of dependencies we would have to analyze the dependencies of each pom just like the maven's dependency report does. Regards Felix > > [1] http://www.apache.org/dev/crypto.html > > BR, > > Jukka Zitting
