You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@dubbo.apache.org by Huxing Zhang <hu...@apache.org> on 2019/05/24 03:34:17 UTC

Regarding EAR on encryption software

Hi,

Recently ASF announced[1] a statement regarding US Federal Register
Notice of non-US affiliates added to Entity List Ruling. It says:

Open Source projects involving encryption software source code are
still required to send a notice of the URL to BIS and NSA to satisfy
the "publicly available" notice requirement in EAR § 742.15(b).

I want to make sure Dubbo does not involving encryption software.
Dubbo has integrated various external softwares which provide the
feature to encrypt software, for example:
- Netty
- Apache Tomcat
- Jetty
- jetcd

I checked the source on Dubbo, and did not found any code that
activates the encryption.
So basically I think it is safe here.

If you found any issues regarding encryption please let me know. We
need to send a notice to BIS and NSA.

[1] https://blogs.apache.org/foundation/entry/statement-by-the-apache-software

-- 
Best Regards！
Huxing