You are viewing a plain text version of this content. The canonical link for it is here.

Posted to log4net-dev@logging.apache.org by Curt Arnold <ca...@apache.org> on 2008/02/08 01:32:32 UTC

Cryptography and Export considerations for log4net, quarterly board report

All PMC Chairs have been requested to report on the use of  
cryptography within their projects in their quarterly board reports  
(which are due shortly).

I did a quick scan on the log4net for "crypto" and found mentions in  
three places:

cs/src/AssemblyInfo.cs
src/AssemblyInfo.cs
Describes process of digitally signing assembly.

src/Appender/FileAppender.cs
Describes process of user overriding method to use a encrypted stream.

src/Util/PatternStringConverters/RandomStringPatternConverter.cs
Mentions that random number generator used isn't cryptographically  
secure.

src/Util/SystemInfo.cs
Implements a newGuid() function on .NET Compact Framework 1.0 by  
calling Win32's CryptGenRandom.


Did I miss any other application of cryptography in log4net that may  
need to be reviewed?

Any other news for the board for this quarter?