You are viewing a plain text version of this content. The canonical link for it is here.

Posted to legal-discuss@apache.org by sebb <se...@gmail.com> on 2008/03/17 16:24:41 UTC

Crypto notice on download pages?

The page:

http://www.apache.org/dev/crypto.html

has a link entitled:

"4. Inform users with a crypto notice in the distribution's README and
download pages."

however, the target of the link:

http://www.apache.org/dev/crypto.html#inform

only describes the README changes, and does not cover download pages.

Is the link title wrong, or is there some missing information about
what needs to be put on the download pages?

Sebb.

---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only.  Statements made on this list are not privileged, do not
constitute legal advice, and do not necessarily reflect the opinions
and policies of the ASF.  See <http://www.apache.org/licenses/> for
official ASF policies and documents.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

Re: Crypto notice on download pages?

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

sebb wrote:
> The page:
> 
> http://www.apache.org/dev/crypto.html
> 
> has a link entitled:
> 
> "4. Inform users with a crypto notice in the distribution's README and
> download pages."
> 
> however, the target of the link:
> 
> http://www.apache.org/dev/crypto.html#inform
> 
> only describes the README changes, and does not cover download pages.
> 
> Is the link title wrong, or is there some missing information about
> what needs to be put on the download pages?

I think it's a bit varied, so it is less than trivial.  But we have just
a couple of cases ("binary distribution includes OpenSSL"... "binary
distribution includes BouncyCastle"... "requires JSSE support .jars"...)
that I think we could add those general cases to the examples.

The example on the httpd download page is very simple...

* Win32 Binary without crypto (no mod_ssl) (MSI Installer):
     <a href=...>apache_2.2.8-win32-x86-no_ssl.msi</a> [PGP] [MD5]
* Win32 Binary including OpenSSL 0.9.8g (MSI Installer):
     <a href=...>apache_2.2.8-win32-x86-openssl-0.9.8g.msi</a> [PGP] [MD5]

By rights a more general statement that the sources can be compiled with
cryptography should probably be added, but this is a start.

Bill

---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only.  Statements made on this list are not privileged, do not
constitute legal advice, and do not necessarily reflect the opinions
and policies of the ASF.  See <http://www.apache.org/licenses/> for
official ASF policies and documents.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org