You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wookie.apache.org by Paul Sharples <p....@bolton.ac.uk> on 2012/10/11 16:14:33 UTC
Re: [VOTE] Apache Wookie 0.12.0-incubating Release Candidate
On 31/08/2012 10:24, Scott Wilson wrote:
> On 31 Aug 2012, at 02:05, Franklin, Matthew B. wrote:
>
>> On 8/30/12 4:44 PM, "Ate Douma" <at...@douma.nu> wrote:
>>
>>> Hi team,
>>>
>>> I've checked this release candidate and I *think* I can vote +1 on this,
>>> but I'm
>>> not sure about maybe one important thing: if this version might be
>>> embedding
>>> restricted cryptography functionality, or not:
>>>
>>> This version adds Apache Santuario xmlsec-1.5.2.jar for W3C XML Digital
>>> Signatures support. AFAIK Santuario can be used to encrypt XML. Even if
>>> Wookie
>>> doesn't, if it is bundled this release might be considered 'exporting'
>>> cryptography functionality. I'm totally unexperienced in this regard for
>>> what
>>> the rules/restrictions etc. are [1], and/or if something needs to be done
>>> before
>>> dealing with this [2].
>> IMO, this might be best discussed with legal. The crypto site notes that
>> an update to the language was posted by the US IBS in 2010 but the text of
>> our site hasn't been updated. Better safe than sorry.
> I've created a new Question ticket in Legal Discuss for this:
>
> https://issues.apache.org/jira/browse/LEGAL-148
Its now been six weeks without an answer from legal and it looks as
though we will never get one.
How do we we proceed?
Apologies to all for not picking this up sooner, but I have been swamped
this last month.
Paul
>
>>> I couldn't find anything concerning this on the Santuario site, so
>>> maybe/probably I'm just making noise, but as the Incubator mentor guide
>>> says
>>> this *must* be checked [3], I'm raising this now.
>>>
>>> If already checked and/or a false alarm then I apologize for the trouble,
>>> and if
>>> this is resolved or can be ignored, I vote +1 for this release candidate.
>> I too am +1 pending legal's sign off on the crypto
>>
>>
>>> Besides the above, there are two other minor issues:
>>> - The current LICENSE file(s) have encoding errors since the addition of
>>> the
>>> xmldsig-core-schema.xsd section at the end.
>>>
>>> - The xmlsec-1.5.2.jar doesn't come with an embedded NOTICE/LICENSE file
>>> itself
>>> (which should be an issue for Apache Santuario), but the download
>>> distribution
>>> does, and it has a few extra NOTICEs. We thus should also carry these
>>> additions
>>> IMO, but this can be done with next release I think.
>>>
>>> Regards, Ate
>>>
>>> [1] http://www.apache.org/dev/crypto.html
>>> [2] http://www.apache.org/licenses/exports/
>>> [3] http://incubator.apache.org/guides/mentor.html#crypto-audit
>>>
>>> On 08/22/2012 11:26 PM, Paul Sharples wrote:
>>>> This is the 6th incubator release for Apache Wookie, with the artifacts
>>>> being
>>>> versioned as 0.12.0-incubating.
>>>>
>>>> We are requesting a vote via wookie-dev for the release of the
>>>> artifacts in the
>>>> first instance found here...
>>>>
>>>> http://people.apache.org/builds/incubator/wookie/0.12.0-incubating/
>>>>
>>>> ...as the final 0.12.0-incubating release.
>>>>
>>>> PGP release keys (signed using DDED352A):
>>>>
>>>> http://www.apache.org/dist/incubator/wookie/KEYS
>>>>
>>>> Additionally there are 3 sets of maven artifacts, which we hope will
>>>> help
>>>> others to integrate WOOKIE into their own applications. These are...
>>>>
>>>> 1. Wookie itself as a downloadable WAR
>>>> 2. The W3C parser
>>>> 3. The Java connector framework
>>>>
>>>> These artifacts are now in the staging area found here...
>>>>
>>>> https://repository.apache.org/content/repositories/orgapachewookie-001/
>>>>
>>>> Please take the time to verify the artifacts before casting your vote.
>>>>
>>>> Vote will be open at least 72 hours but until we receive most of the
>>>> committers
>>>> votes.
>>>>
>>>> [ ] +1 approve
>>>> [ ] +0 no opinion
>>>> [ ] -1 disapprove (and reason why)
>
>
> -----
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 2012.0.2197 / Virus Database: 2437/5227 - Release Date: 08/27/12
> Internal Virus Database is out of date.
>
Re: [VOTE] Apache Wookie 0.12.0-incubating Release Candidate
Posted by Ross Gardler <rg...@opendirective.com>.
Dear leagal-discuss,
The Wookie podling needs and answer on ticket
https://issues.apache.org/jira/browse/LEGAL-148
That ticket has been open for six weeks with no response. It is blocking a
release and since Wookie has a four weekly release cycle a six week delay
is very significant. It is also, in the case slowing graduation.
We'd really appreciate someone taking look. If a response is not
forthcoming because of a lack of info please let the podling know so they
can explain further.
Thank you.
https://issues.apache.org/jira/browse/LEGAL-148
Ross
Sent from my tablet
On Oct 11, 2012 3:15 PM, "Paul Sharples" <p....@bolton.ac.uk> wrote:
> On 31/08/2012 10:24, Scott Wilson wrote:
>
>> On 31 Aug 2012, at 02:05, Franklin, Matthew B. wrote:
>>
>> On 8/30/12 4:44 PM, "Ate Douma" <at...@douma.nu> wrote:
>>>
>>> Hi team,
>>>>
>>>> I've checked this release candidate and I *think* I can vote +1 on this,
>>>> but I'm
>>>> not sure about maybe one important thing: if this version might be
>>>> embedding
>>>> restricted cryptography functionality, or not:
>>>>
>>>> This version adds Apache Santuario xmlsec-1.5.2.jar for W3C XML Digital
>>>> Signatures support. AFAIK Santuario can be used to encrypt XML. Even if
>>>> Wookie
>>>> doesn't, if it is bundled this release might be considered 'exporting'
>>>> cryptography functionality. I'm totally unexperienced in this regard for
>>>> what
>>>> the rules/restrictions etc. are [1], and/or if something needs to be
>>>> done
>>>> before
>>>> dealing with this [2].
>>>>
>>> IMO, this might be best discussed with legal. The crypto site notes that
>>> an update to the language was posted by the US IBS in 2010 but the text
>>> of
>>> our site hasn't been updated. Better safe than sorry.
>>>
>> I've created a new Question ticket in Legal Discuss for this:
>>
>> https://issues.apache.org/**jira/browse/LEGAL-148<https://issues.apache.org/jira/browse/LEGAL-148>
>>
>
> Its now been six weeks without an answer from legal and it looks as though
> we will never get one.
> How do we we proceed?
>
> Apologies to all for not picking this up sooner, but I have been swamped
> this last month.
>
> Paul
>
>
>> I couldn't find anything concerning this on the Santuario site, so
>>>> maybe/probably I'm just making noise, but as the Incubator mentor guide
>>>> says
>>>> this *must* be checked [3], I'm raising this now.
>>>>
>>>> If already checked and/or a false alarm then I apologize for the
>>>> trouble,
>>>> and if
>>>> this is resolved or can be ignored, I vote +1 for this release
>>>> candidate.
>>>>
>>> I too am +1 pending legal's sign off on the crypto
>>>
>>>
>>> Besides the above, there are two other minor issues:
>>>> - The current LICENSE file(s) have encoding errors since the addition of
>>>> the
>>>> xmldsig-core-schema.xsd section at the end.
>>>>
>>>> - The xmlsec-1.5.2.jar doesn't come with an embedded NOTICE/LICENSE file
>>>> itself
>>>> (which should be an issue for Apache Santuario), but the download
>>>> distribution
>>>> does, and it has a few extra NOTICEs. We thus should also carry these
>>>> additions
>>>> IMO, but this can be done with next release I think.
>>>>
>>>> Regards, Ate
>>>>
>>>> [1] http://www.apache.org/dev/**crypto.html<http://www.apache.org/dev/crypto.html>
>>>> [2] http://www.apache.org/**licenses/exports/<http://www.apache.org/licenses/exports/>
>>>> [3] http://incubator.apache.org/**guides/mentor.html#crypto-**audit<http://incubator.apache.org/guides/mentor.html#crypto-audit>
>>>>
>>>> On 08/22/2012 11:26 PM, Paul Sharples wrote:
>>>>
>>>>> This is the 6th incubator release for Apache Wookie, with the artifacts
>>>>> being
>>>>> versioned as 0.12.0-incubating.
>>>>>
>>>>> We are requesting a vote via wookie-dev for the release of the
>>>>> artifacts in the
>>>>> first instance found here...
>>>>>
>>>>> http://people.apache.org/**builds/incubator/wookie/0.12.**
>>>>> 0-incubating/<http://people.apache.org/builds/incubator/wookie/0.12.0-incubating/>
>>>>>
>>>>> ...as the final 0.12.0-incubating release.
>>>>>
>>>>> PGP release keys (signed using DDED352A):
>>>>>
>>>>> http://www.apache.org/dist/**incubator/wookie/KEYS<http://www.apache.org/dist/incubator/wookie/KEYS>
>>>>>
>>>>> Additionally there are 3 sets of maven artifacts, which we hope will
>>>>> help
>>>>> others to integrate WOOKIE into their own applications. These are...
>>>>>
>>>>> 1. Wookie itself as a downloadable WAR
>>>>> 2. The W3C parser
>>>>> 3. The Java connector framework
>>>>>
>>>>> These artifacts are now in the staging area found here...
>>>>>
>>>>> https://repository.apache.org/**content/repositories/**
>>>>> orgapachewookie-001/<https://repository.apache.org/content/repositories/orgapachewookie-001/>
>>>>>
>>>>> Please take the time to verify the artifacts before casting your vote.
>>>>>
>>>>> Vote will be open at least 72 hours but until we receive most of the
>>>>> committers
>>>>> votes.
>>>>>
>>>>> [ ] +1 approve
>>>>> [ ] +0 no opinion
>>>>> [ ] -1 disapprove (and reason why)
>>>>>
>>>>
>>
>> -----
>> No virus found in this message.
>> Checked by AVG - www.avg.com
>> Version: 2012.0.2197 / Virus Database: 2437/5227 - Release Date: 08/27/12
>> Internal Virus Database is out of date.
>>
>>
>
Re: [VOTE] Apache Wookie 0.12.0-incubating Release Candidate
Posted by Ross Gardler <rg...@opendirective.com>.
Dear leagal-discuss,
The Wookie podling needs and answer on ticket
https://issues.apache.org/jira/browse/LEGAL-148
That ticket has been open for six weeks with no response. It is blocking a
release and since Wookie has a four weekly release cycle a six week delay
is very significant. It is also, in the case slowing graduation.
We'd really appreciate someone taking look. If a response is not
forthcoming because of a lack of info please let the podling know so they
can explain further.
Thank you.
https://issues.apache.org/jira/browse/LEGAL-148
Ross
Sent from my tablet
On Oct 11, 2012 3:15 PM, "Paul Sharples" <p....@bolton.ac.uk> wrote:
> On 31/08/2012 10:24, Scott Wilson wrote:
>
>> On 31 Aug 2012, at 02:05, Franklin, Matthew B. wrote:
>>
>> On 8/30/12 4:44 PM, "Ate Douma" <at...@douma.nu> wrote:
>>>
>>> Hi team,
>>>>
>>>> I've checked this release candidate and I *think* I can vote +1 on this,
>>>> but I'm
>>>> not sure about maybe one important thing: if this version might be
>>>> embedding
>>>> restricted cryptography functionality, or not:
>>>>
>>>> This version adds Apache Santuario xmlsec-1.5.2.jar for W3C XML Digital
>>>> Signatures support. AFAIK Santuario can be used to encrypt XML. Even if
>>>> Wookie
>>>> doesn't, if it is bundled this release might be considered 'exporting'
>>>> cryptography functionality. I'm totally unexperienced in this regard for
>>>> what
>>>> the rules/restrictions etc. are [1], and/or if something needs to be
>>>> done
>>>> before
>>>> dealing with this [2].
>>>>
>>> IMO, this might be best discussed with legal. The crypto site notes that
>>> an update to the language was posted by the US IBS in 2010 but the text
>>> of
>>> our site hasn't been updated. Better safe than sorry.
>>>
>> I've created a new Question ticket in Legal Discuss for this:
>>
>> https://issues.apache.org/**jira/browse/LEGAL-148<https://issues.apache.org/jira/browse/LEGAL-148>
>>
>
> Its now been six weeks without an answer from legal and it looks as though
> we will never get one.
> How do we we proceed?
>
> Apologies to all for not picking this up sooner, but I have been swamped
> this last month.
>
> Paul
>
>
>> I couldn't find anything concerning this on the Santuario site, so
>>>> maybe/probably I'm just making noise, but as the Incubator mentor guide
>>>> says
>>>> this *must* be checked [3], I'm raising this now.
>>>>
>>>> If already checked and/or a false alarm then I apologize for the
>>>> trouble,
>>>> and if
>>>> this is resolved or can be ignored, I vote +1 for this release
>>>> candidate.
>>>>
>>> I too am +1 pending legal's sign off on the crypto
>>>
>>>
>>> Besides the above, there are two other minor issues:
>>>> - The current LICENSE file(s) have encoding errors since the addition of
>>>> the
>>>> xmldsig-core-schema.xsd section at the end.
>>>>
>>>> - The xmlsec-1.5.2.jar doesn't come with an embedded NOTICE/LICENSE file
>>>> itself
>>>> (which should be an issue for Apache Santuario), but the download
>>>> distribution
>>>> does, and it has a few extra NOTICEs. We thus should also carry these
>>>> additions
>>>> IMO, but this can be done with next release I think.
>>>>
>>>> Regards, Ate
>>>>
>>>> [1] http://www.apache.org/dev/**crypto.html<http://www.apache.org/dev/crypto.html>
>>>> [2] http://www.apache.org/**licenses/exports/<http://www.apache.org/licenses/exports/>
>>>> [3] http://incubator.apache.org/**guides/mentor.html#crypto-**audit<http://incubator.apache.org/guides/mentor.html#crypto-audit>
>>>>
>>>> On 08/22/2012 11:26 PM, Paul Sharples wrote:
>>>>
>>>>> This is the 6th incubator release for Apache Wookie, with the artifacts
>>>>> being
>>>>> versioned as 0.12.0-incubating.
>>>>>
>>>>> We are requesting a vote via wookie-dev for the release of the
>>>>> artifacts in the
>>>>> first instance found here...
>>>>>
>>>>> http://people.apache.org/**builds/incubator/wookie/0.12.**
>>>>> 0-incubating/<http://people.apache.org/builds/incubator/wookie/0.12.0-incubating/>
>>>>>
>>>>> ...as the final 0.12.0-incubating release.
>>>>>
>>>>> PGP release keys (signed using DDED352A):
>>>>>
>>>>> http://www.apache.org/dist/**incubator/wookie/KEYS<http://www.apache.org/dist/incubator/wookie/KEYS>
>>>>>
>>>>> Additionally there are 3 sets of maven artifacts, which we hope will
>>>>> help
>>>>> others to integrate WOOKIE into their own applications. These are...
>>>>>
>>>>> 1. Wookie itself as a downloadable WAR
>>>>> 2. The W3C parser
>>>>> 3. The Java connector framework
>>>>>
>>>>> These artifacts are now in the staging area found here...
>>>>>
>>>>> https://repository.apache.org/**content/repositories/**
>>>>> orgapachewookie-001/<https://repository.apache.org/content/repositories/orgapachewookie-001/>
>>>>>
>>>>> Please take the time to verify the artifacts before casting your vote.
>>>>>
>>>>> Vote will be open at least 72 hours but until we receive most of the
>>>>> committers
>>>>> votes.
>>>>>
>>>>> [ ] +1 approve
>>>>> [ ] +0 no opinion
>>>>> [ ] -1 disapprove (and reason why)
>>>>>
>>>>
>>
>> -----
>> No virus found in this message.
>> Checked by AVG - www.avg.com
>> Version: 2012.0.2197 / Virus Database: 2437/5227 - Release Date: 08/27/12
>> Internal Virus Database is out of date.
>>
>>
>