You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@couchdb.apache.org by Norman Barker <no...@gmail.com> on 2010/07/28 21:57:39 UTC
export control notice - multiview
Hi,
I am looking to put some couchdb erlang code for the multiview
integration with couchdb-clucene on my github account for review.
Having consulted with our export control dept here, it seems I should
follow
http://www.apache.org/dev/crypto.html
and I see that Volker has put a note at the bottom of his page
http://github.com/vmx/couchdb
to follow the apache rules this has to be done by the PMC and I see
<Project href="http://couchdb.apache.org/">
<Name>Apache CouchDB Project</Name>
<Contact><Name>Damien Katz</Name></Contact>
<Product id="couchdb" href="http://couchdb.apache.org/">
<Name>Apache CouchDB</Name>
<Version>
<Names>development</Names>
<ECCN>5D002</ECCN>
<ControlledSource href="http://svn.apache.org/repos/asf/couchdb/">
<Manufacturer>ASF</Manufacturer>
<Why>Includes a HTTP client with SSL functionality</Why>
</ControlledSource>
</Version>
<Version>
<Names>0.9.0 and later</Names>
<ECCN>5D002</ECCN>
<ControlledSource href="http://archive.apache.org/dist/couchdb/">
<Manufacturer>ASF</Manufacturer>
<Why>Includes a HTTP client with SSL functionality</Why>
</ControlledSource>
<ControlledSource
href="http://github.com/cmullaparthi/ibrowse/tree/master">
<Manufacturer>ibrowse</Manufacturer>
<Why>HTTP client with SSL functionality</Why>
</ControlledSource>
</Version>
</Product>
</Project>
to put initial code on github what should we do?
Many thanks,
Norman
Re: export control notice - multiview
Posted by Volker Mische <vo...@gmail.com>.
Hi Norman,
I haven't done anything :) It's just the default CouchDB README file.
Cheers,
Volker
On 07/28/2010 09:57 PM, Norman Barker wrote:
> Hi,
>
> I am looking to put some couchdb erlang code for the multiview
> integration with couchdb-clucene on my github account for review.
> Having consulted with our export control dept here, it seems I should
> follow
>
> http://www.apache.org/dev/crypto.html
>
> and I see that Volker has put a note at the bottom of his page
>
> http://github.com/vmx/couchdb
>
> to follow the apache rules this has to be done by the PMC and I see
>
> <Project href="http://couchdb.apache.org/">
> <Name>Apache CouchDB Project</Name>
> <Contact><Name>Damien Katz</Name></Contact>
> <Product id="couchdb" href="http://couchdb.apache.org/">
> <Name>Apache CouchDB</Name>
> <Version>
> <Names>development</Names>
> <ECCN>5D002</ECCN>
> <ControlledSource href="http://svn.apache.org/repos/asf/couchdb/">
> <Manufacturer>ASF</Manufacturer>
> <Why>Includes a HTTP client with SSL functionality</Why>
> </ControlledSource>
> </Version>
> <Version>
> <Names>0.9.0 and later</Names>
> <ECCN>5D002</ECCN>
> <ControlledSource href="http://archive.apache.org/dist/couchdb/">
> <Manufacturer>ASF</Manufacturer>
> <Why>Includes a HTTP client with SSL functionality</Why>
> </ControlledSource>
> <ControlledSource
> href="http://github.com/cmullaparthi/ibrowse/tree/master">
> <Manufacturer>ibrowse</Manufacturer>
> <Why>HTTP client with SSL functionality</Why>
> </ControlledSource>
> </Version>
> </Product>
> </Project>
>
>
> to put initial code on github what should we do?
>
> Many thanks,
>
> Norman
Re: export control notice - multiview
Posted by J Chris Anderson <jc...@gmail.com>.
On Jul 28, 2010, at 8:55 PM, Norman Barker wrote:
> Hi Chris,
>
> I work for ITT VIS and we would really like to give this multiview for
> consideration by the community (as well as other patches). I have
> passed this to our legal dept and they would like us to follow
> http://www.apache.org/dev/crypto.html, I believe this has already been
> followed since Damien has his name on the XML below as PMC chair.
> Whatever procedure Damien followed should be documented so that other
> US companies can contribute. I believe that all is sufficient is a
> paper trail to show that the necessary govt depts have been notified
> about cryptography (in this case SSL) components in the software.
>
> This is a complicated area, and you really don't want a fine (see
> http://findarticles.com/p/articles/mi_6712/is_58_233/ai_n29340678/),
> so if a procedure should be established within couchdb. If covered by
> Apache politics then great, my code will be up asap, but it needs
> confirmation by the PMC of CouchDB and a documented way of forking on
> github.
>
Are you suggesting that any company that shares patches (even ones like yours, completely unrelated to any SSL functionality) needs to be listed on the XML document? I think that is false.
The document at http://www.apache.org/dev/crypto.html says that only a PMC member needs to be listed.
It seems that most (all?) of the projects listed in
https://svn.apache.org/repos/asf/infrastructure/site/trunk/xdocs/licenses/exports/index.xml
have only a single contact.
I think part of the point of the ASF is to handle these issues on a collective basis so that folks like us can just write code.
I'm glad that you are looking at the issue carefully, and if you think I'm misunderstanding it, please correct me.
Chris
> Norman
>
> On Wed, Jul 28, 2010 at 8:23 PM, J Chris Anderson <jc...@apache.org> wrote:
>>
>> On Jul 28, 2010, at 2:18 PM, Norman Barker wrote:
>>
>>> Hi Volker,
>>>
>>> thanks for letting me know, in that case can we have clarification
>>> from someone on the PMC?
>>>
>>> This is a serious issue for US companies wanting to contribute to Couch.
>>>
>>
>> Thanks Norman,
>>
>> It's my understanding that we have this all nicely managed via the Apache policies.
>>
>> Could you elaborate on your specific concerns?
>>
>> I think you can just fork http://github.com/apache/couchdb, make your changes in your local fork, and then email the list with the URL for your topic branch.
>>
>> Once the community has given feedback on your work, it should be submitted to the project as a patch via Jira, so that you can check off the appropriate Apache License checkbox: https://issues.apache.org/jira/browse/COUCHDB
>>
>> Chris
>>
>>> thanks,
>>>
>>> Norman
>>>
>>> On Wed, Jul 28, 2010 at 2:28 PM, Volker Mische <vo...@gmail.com> wrote:
>>>> Hi Norman,
>>>>
>>>> I haven't done anything :) It's just the default CouchDB README file.
>>>>
>>>> Cheers,
>>>> Volker
>>>>
>>>> On 07/28/2010 09:57 PM, Norman Barker wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> I am looking to put some couchdb erlang code for the multiview
>>>>> integration with couchdb-clucene on my github account for review.
>>>>> Having consulted with our export control dept here, it seems I should
>>>>> follow
>>>>>
>>>>> http://www.apache.org/dev/crypto.html
>>>>>
>>>>> and I see that Volker has put a note at the bottom of his page
>>>>>
>>>>> http://github.com/vmx/couchdb
>>>>>
>>>>> to follow the apache rules this has to be done by the PMC and I see
>>>>>
>>>>> <Project href="http://couchdb.apache.org/">
>>>>> <Name>Apache CouchDB Project</Name>
>>>>> <Contact><Name>Damien Katz</Name></Contact>
>>>>> <Product id="couchdb" href="http://couchdb.apache.org/">
>>>>> <Name>Apache CouchDB</Name>
>>>>> <Version>
>>>>> <Names>development</Names>
>>>>> <ECCN>5D002</ECCN>
>>>>> <ControlledSource href="http://svn.apache.org/repos/asf/couchdb/">
>>>>> <Manufacturer>ASF</Manufacturer>
>>>>> <Why>Includes a HTTP client with SSL functionality</Why>
>>>>> </ControlledSource>
>>>>> </Version>
>>>>> <Version>
>>>>> <Names>0.9.0 and later</Names>
>>>>> <ECCN>5D002</ECCN>
>>>>> <ControlledSource href="http://archive.apache.org/dist/couchdb/">
>>>>> <Manufacturer>ASF</Manufacturer>
>>>>> <Why>Includes a HTTP client with SSL functionality</Why>
>>>>> </ControlledSource>
>>>>> <ControlledSource
>>>>> href="http://github.com/cmullaparthi/ibrowse/tree/master">
>>>>> <Manufacturer>ibrowse</Manufacturer>
>>>>> <Why>HTTP client with SSL functionality</Why>
>>>>> </ControlledSource>
>>>>> </Version>
>>>>> </Product>
>>>>> </Project>
>>>>>
>>>>>
>>>>> to put initial code on github what should we do?
>>>>>
>>>>> Many thanks,
>>>>>
>>>>> Norman
>>>>
>>>>
>>
>>
Re: export control notice - multiview
Posted by Norman Barker <no...@gmail.com>.
Dirk-Willem and Chris,
thanks for your help on this, I have passed this through our legal
dept and I am good to add the code to github.
The code will be going up by the w/end, I am going to add a few
installation instructions.
Norman
On Thu, Jul 29, 2010 at 5:10 AM, Dirk-Willem van Gulik
<Di...@bbc.co.uk> wrote:
>
> On 29 Jul 2010, at 04:55, Norman Barker wrote:
>
>> I work for ITT VIS and we would really like to give this multiview for
>> consideration by the community (as well as other patches)*. I have
>> passed this to our legal dept and they would like us to follow
>> http://www.apache.org/dev/crypto.html, I believe this has already been
>> followed since Damien has his name on the XML below as PMC chair.
>
> Have a look at:
>
> http://www.apache.org/licenses/exports/
>
>> Whatever procedure Damien followed should be documented so that other
>> US companies can contribute. I believe that all is sufficient is a
>
> Please see
> http://www.apache.org/dev/crypto.html
>
>> paper trail to show that the necessary govt depts have been notified
>> about cryptography (in this case SSL) components in the software.
>
> If the entry is there -
>
> http://www.apache.org/licenses/exports/
>
> you can be sure that the PMC followed the right path and that this is under the normal oversight by the board of the foundation. And the board is to oversee that PMCs keep doing this right; and PMCs are to ensure their area's are all doing the right things; and that each release has its t's crossed and i's dotted.
>
> Or in other words - you have confirmation that the legal entity responsible (the ASF) has, and is, carrying out the right steps.
>
> Every time a release is rolled - it is the PMCs tasks to oversee that - and specifically they are expected to keep an eye on the correctness of above corporate records; and bring them up to date if needed.
>
> It is very good practice to alert the Dev community and the PMC when doing contributions such as this; as the process described on
>
> http://www.apache.org/dev/crypto.html
>
> titled 'Check the Export Control Classification Number (ECCN)' with regard to qualification under 740.13(e) as ECCN 5D002 is not trivial (though it does over a large swath).
>
> And if a project is particularly worried, say because it has a lot of small moving crypto, you could simply add a step to your release process which says 're-evaluate ECCN qualification if any crypto code was added or changed relative to prior releases'.
>
> But in this case - the PMC seems to have this well under control and releases get their i's dotted and t's crossed.
>
> Thanks,
>
> Dw.
>
> *: I am skipping the usual verbiage on CCLA and/or iCLA being on file, etc.
>
>
Re: export control notice - multiview
Posted by Dirk-Willem van Gulik <Di...@BBC.co.uk>.
On 29 Jul 2010, at 04:55, Norman Barker wrote:
> I work for ITT VIS and we would really like to give this multiview for
> consideration by the community (as well as other patches)*. I have
> passed this to our legal dept and they would like us to follow
> http://www.apache.org/dev/crypto.html, I believe this has already been
> followed since Damien has his name on the XML below as PMC chair.
Have a look at:
http://www.apache.org/licenses/exports/
> Whatever procedure Damien followed should be documented so that other
> US companies can contribute. I believe that all is sufficient is a
Please see
http://www.apache.org/dev/crypto.html
> paper trail to show that the necessary govt depts have been notified
> about cryptography (in this case SSL) components in the software.
If the entry is there -
http://www.apache.org/licenses/exports/
you can be sure that the PMC followed the right path and that this is under the normal oversight by the board of the foundation. And the board is to oversee that PMCs keep doing this right; and PMCs are to ensure their area's are all doing the right things; and that each release has its t's crossed and i's dotted.
Or in other words - you have confirmation that the legal entity responsible (the ASF) has, and is, carrying out the right steps.
Every time a release is rolled - it is the PMCs tasks to oversee that - and specifically they are expected to keep an eye on the correctness of above corporate records; and bring them up to date if needed.
It is very good practice to alert the Dev community and the PMC when doing contributions such as this; as the process described on
http://www.apache.org/dev/crypto.html
titled 'Check the Export Control Classification Number (ECCN)' with regard to qualification under 740.13(e) as ECCN 5D002 is not trivial (though it does over a large swath).
And if a project is particularly worried, say because it has a lot of small moving crypto, you could simply add a step to your release process which says 're-evaluate ECCN qualification if any crypto code was added or changed relative to prior releases'.
But in this case - the PMC seems to have this well under control and releases get their i's dotted and t's crossed.
Thanks,
Dw.
*: I am skipping the usual verbiage on CCLA and/or iCLA being on file, etc.
Re: export control notice - multiview
Posted by Norman Barker <no...@gmail.com>.
Hi Chris,
I work for ITT VIS and we would really like to give this multiview for
consideration by the community (as well as other patches). I have
passed this to our legal dept and they would like us to follow
http://www.apache.org/dev/crypto.html, I believe this has already been
followed since Damien has his name on the XML below as PMC chair.
Whatever procedure Damien followed should be documented so that other
US companies can contribute. I believe that all is sufficient is a
paper trail to show that the necessary govt depts have been notified
about cryptography (in this case SSL) components in the software.
This is a complicated area, and you really don't want a fine (see
http://findarticles.com/p/articles/mi_6712/is_58_233/ai_n29340678/),
so if a procedure should be established within couchdb. If covered by
Apache politics then great, my code will be up asap, but it needs
confirmation by the PMC of CouchDB and a documented way of forking on
github.
Norman
On Wed, Jul 28, 2010 at 8:23 PM, J Chris Anderson <jc...@apache.org> wrote:
>
> On Jul 28, 2010, at 2:18 PM, Norman Barker wrote:
>
>> Hi Volker,
>>
>> thanks for letting me know, in that case can we have clarification
>> from someone on the PMC?
>>
>> This is a serious issue for US companies wanting to contribute to Couch.
>>
>
> Thanks Norman,
>
> It's my understanding that we have this all nicely managed via the Apache policies.
>
> Could you elaborate on your specific concerns?
>
> I think you can just fork http://github.com/apache/couchdb, make your changes in your local fork, and then email the list with the URL for your topic branch.
>
> Once the community has given feedback on your work, it should be submitted to the project as a patch via Jira, so that you can check off the appropriate Apache License checkbox: https://issues.apache.org/jira/browse/COUCHDB
>
> Chris
>
>> thanks,
>>
>> Norman
>>
>> On Wed, Jul 28, 2010 at 2:28 PM, Volker Mische <vo...@gmail.com> wrote:
>>> Hi Norman,
>>>
>>> I haven't done anything :) It's just the default CouchDB README file.
>>>
>>> Cheers,
>>> Volker
>>>
>>> On 07/28/2010 09:57 PM, Norman Barker wrote:
>>>>
>>>> Hi,
>>>>
>>>> I am looking to put some couchdb erlang code for the multiview
>>>> integration with couchdb-clucene on my github account for review.
>>>> Having consulted with our export control dept here, it seems I should
>>>> follow
>>>>
>>>> http://www.apache.org/dev/crypto.html
>>>>
>>>> and I see that Volker has put a note at the bottom of his page
>>>>
>>>> http://github.com/vmx/couchdb
>>>>
>>>> to follow the apache rules this has to be done by the PMC and I see
>>>>
>>>> <Project href="http://couchdb.apache.org/">
>>>> <Name>Apache CouchDB Project</Name>
>>>> <Contact><Name>Damien Katz</Name></Contact>
>>>> <Product id="couchdb" href="http://couchdb.apache.org/">
>>>> <Name>Apache CouchDB</Name>
>>>> <Version>
>>>> <Names>development</Names>
>>>> <ECCN>5D002</ECCN>
>>>> <ControlledSource href="http://svn.apache.org/repos/asf/couchdb/">
>>>> <Manufacturer>ASF</Manufacturer>
>>>> <Why>Includes a HTTP client with SSL functionality</Why>
>>>> </ControlledSource>
>>>> </Version>
>>>> <Version>
>>>> <Names>0.9.0 and later</Names>
>>>> <ECCN>5D002</ECCN>
>>>> <ControlledSource href="http://archive.apache.org/dist/couchdb/">
>>>> <Manufacturer>ASF</Manufacturer>
>>>> <Why>Includes a HTTP client with SSL functionality</Why>
>>>> </ControlledSource>
>>>> <ControlledSource
>>>> href="http://github.com/cmullaparthi/ibrowse/tree/master">
>>>> <Manufacturer>ibrowse</Manufacturer>
>>>> <Why>HTTP client with SSL functionality</Why>
>>>> </ControlledSource>
>>>> </Version>
>>>> </Product>
>>>> </Project>
>>>>
>>>>
>>>> to put initial code on github what should we do?
>>>>
>>>> Many thanks,
>>>>
>>>> Norman
>>>
>>>
>
>
Re: export control notice - multiview
Posted by J Chris Anderson <jc...@apache.org>.
On Jul 28, 2010, at 2:18 PM, Norman Barker wrote:
> Hi Volker,
>
> thanks for letting me know, in that case can we have clarification
> from someone on the PMC?
>
> This is a serious issue for US companies wanting to contribute to Couch.
>
Thanks Norman,
It's my understanding that we have this all nicely managed via the Apache policies.
Could you elaborate on your specific concerns?
I think you can just fork http://github.com/apache/couchdb, make your changes in your local fork, and then email the list with the URL for your topic branch.
Once the community has given feedback on your work, it should be submitted to the project as a patch via Jira, so that you can check off the appropriate Apache License checkbox: https://issues.apache.org/jira/browse/COUCHDB
Chris
> thanks,
>
> Norman
>
> On Wed, Jul 28, 2010 at 2:28 PM, Volker Mische <vo...@gmail.com> wrote:
>> Hi Norman,
>>
>> I haven't done anything :) It's just the default CouchDB README file.
>>
>> Cheers,
>> Volker
>>
>> On 07/28/2010 09:57 PM, Norman Barker wrote:
>>>
>>> Hi,
>>>
>>> I am looking to put some couchdb erlang code for the multiview
>>> integration with couchdb-clucene on my github account for review.
>>> Having consulted with our export control dept here, it seems I should
>>> follow
>>>
>>> http://www.apache.org/dev/crypto.html
>>>
>>> and I see that Volker has put a note at the bottom of his page
>>>
>>> http://github.com/vmx/couchdb
>>>
>>> to follow the apache rules this has to be done by the PMC and I see
>>>
>>> <Project href="http://couchdb.apache.org/">
>>> <Name>Apache CouchDB Project</Name>
>>> <Contact><Name>Damien Katz</Name></Contact>
>>> <Product id="couchdb" href="http://couchdb.apache.org/">
>>> <Name>Apache CouchDB</Name>
>>> <Version>
>>> <Names>development</Names>
>>> <ECCN>5D002</ECCN>
>>> <ControlledSource href="http://svn.apache.org/repos/asf/couchdb/">
>>> <Manufacturer>ASF</Manufacturer>
>>> <Why>Includes a HTTP client with SSL functionality</Why>
>>> </ControlledSource>
>>> </Version>
>>> <Version>
>>> <Names>0.9.0 and later</Names>
>>> <ECCN>5D002</ECCN>
>>> <ControlledSource href="http://archive.apache.org/dist/couchdb/">
>>> <Manufacturer>ASF</Manufacturer>
>>> <Why>Includes a HTTP client with SSL functionality</Why>
>>> </ControlledSource>
>>> <ControlledSource
>>> href="http://github.com/cmullaparthi/ibrowse/tree/master">
>>> <Manufacturer>ibrowse</Manufacturer>
>>> <Why>HTTP client with SSL functionality</Why>
>>> </ControlledSource>
>>> </Version>
>>> </Product>
>>> </Project>
>>>
>>>
>>> to put initial code on github what should we do?
>>>
>>> Many thanks,
>>>
>>> Norman
>>
>>
Re: export control notice - multiview
Posted by Norman Barker <no...@gmail.com>.
Hi Volker,
thanks for letting me know, in that case can we have clarification
from someone on the PMC?
This is a serious issue for US companies wanting to contribute to Couch.
thanks,
Norman
On Wed, Jul 28, 2010 at 2:28 PM, Volker Mische <vo...@gmail.com> wrote:
> Hi Norman,
>
> I haven't done anything :) It's just the default CouchDB README file.
>
> Cheers,
> Volker
>
> On 07/28/2010 09:57 PM, Norman Barker wrote:
>>
>> Hi,
>>
>> I am looking to put some couchdb erlang code for the multiview
>> integration with couchdb-clucene on my github account for review.
>> Having consulted with our export control dept here, it seems I should
>> follow
>>
>> http://www.apache.org/dev/crypto.html
>>
>> and I see that Volker has put a note at the bottom of his page
>>
>> http://github.com/vmx/couchdb
>>
>> to follow the apache rules this has to be done by the PMC and I see
>>
>> <Project href="http://couchdb.apache.org/">
>> <Name>Apache CouchDB Project</Name>
>> <Contact><Name>Damien Katz</Name></Contact>
>> <Product id="couchdb" href="http://couchdb.apache.org/">
>> <Name>Apache CouchDB</Name>
>> <Version>
>> <Names>development</Names>
>> <ECCN>5D002</ECCN>
>> <ControlledSource href="http://svn.apache.org/repos/asf/couchdb/">
>> <Manufacturer>ASF</Manufacturer>
>> <Why>Includes a HTTP client with SSL functionality</Why>
>> </ControlledSource>
>> </Version>
>> <Version>
>> <Names>0.9.0 and later</Names>
>> <ECCN>5D002</ECCN>
>> <ControlledSource href="http://archive.apache.org/dist/couchdb/">
>> <Manufacturer>ASF</Manufacturer>
>> <Why>Includes a HTTP client with SSL functionality</Why>
>> </ControlledSource>
>> <ControlledSource
>> href="http://github.com/cmullaparthi/ibrowse/tree/master">
>> <Manufacturer>ibrowse</Manufacturer>
>> <Why>HTTP client with SSL functionality</Why>
>> </ControlledSource>
>> </Version>
>> </Product>
>> </Project>
>>
>>
>> to put initial code on github what should we do?
>>
>> Many thanks,
>>
>> Norman
>
>
Re: export control notice - multiview
Posted by Volker Mische <vo...@gmail.com>.
Hi Norman,
I haven't done anything :) It's just the default CouchDB README file.
Cheers,
Volker
On 07/28/2010 09:57 PM, Norman Barker wrote:
> Hi,
>
> I am looking to put some couchdb erlang code for the multiview
> integration with couchdb-clucene on my github account for review.
> Having consulted with our export control dept here, it seems I should
> follow
>
> http://www.apache.org/dev/crypto.html
>
> and I see that Volker has put a note at the bottom of his page
>
> http://github.com/vmx/couchdb
>
> to follow the apache rules this has to be done by the PMC and I see
>
> <Project href="http://couchdb.apache.org/">
> <Name>Apache CouchDB Project</Name>
> <Contact><Name>Damien Katz</Name></Contact>
> <Product id="couchdb" href="http://couchdb.apache.org/">
> <Name>Apache CouchDB</Name>
> <Version>
> <Names>development</Names>
> <ECCN>5D002</ECCN>
> <ControlledSource href="http://svn.apache.org/repos/asf/couchdb/">
> <Manufacturer>ASF</Manufacturer>
> <Why>Includes a HTTP client with SSL functionality</Why>
> </ControlledSource>
> </Version>
> <Version>
> <Names>0.9.0 and later</Names>
> <ECCN>5D002</ECCN>
> <ControlledSource href="http://archive.apache.org/dist/couchdb/">
> <Manufacturer>ASF</Manufacturer>
> <Why>Includes a HTTP client with SSL functionality</Why>
> </ControlledSource>
> <ControlledSource
> href="http://github.com/cmullaparthi/ibrowse/tree/master">
> <Manufacturer>ibrowse</Manufacturer>
> <Why>HTTP client with SSL functionality</Why>
> </ControlledSource>
> </Version>
> </Product>
> </Project>
>
>
> to put initial code on github what should we do?
>
> Many thanks,
>
> Norman