OpenSSL and crypto export regulations

[Todd Lipcon <to...@cloudera.com>]

Hey devs,

I've been looking at this page this morning:
https://www.apache.org/dev/crypto.html

Still parsing through the fine print, but it seems like we may need to
register Kudu as "containing cryptographic software" before we commit any
of the currently in-flight patches which integrate with OpenSSL.

I'll do a little further reading on this topic, but please hold off on
pushing any SSL-related code until we've determined whether this is
necessary. Of course code reviews can continue :)

-Todd
-- 
Todd Lipcon
Software Engineer, Cloudera

Re: OpenSSL and crypto export regulations

[Todd Lipcon <to...@cloudera.com>]

OK, best I could tell, simply linking against OpenSSL and using Java TLS
stuff is enough to trigger this notification requirement, and there are no
real downsides of going through it. (it's just a notification, no need to
wait for review/approval). So, I went ahead and registered us, and I think
we're safe to move forward.

I also added some content to our docs here:
https://gerrit.cloudera.org/#/c/4905/

-Todd

On Mon, Oct 31, 2016 at 12:29 PM, Todd Lipcon <to...@cloudera.com> wrote:

> Hey devs,
>
> I've been looking at this page this morning:
> https://www.apache.org/dev/crypto.html
>
> Still parsing through the fine print, but it seems like we may need to
> register Kudu as "containing cryptographic software" before we commit any
> of the currently in-flight patches which integrate with OpenSSL.
>
> I'll do a little further reading on this topic, but please hold off on
> pushing any SSL-related code until we've determined whether this is
> necessary. Of course code reviews can continue :)
>
> -Todd
> --
> Todd Lipcon
> Software Engineer, Cloudera
>



-- 
Todd Lipcon
Software Engineer, Cloudera