You are viewing a plain text version of this content. The canonical link for it is here.
Posted to legal-discuss@apache.org by Ross Gardler <rg...@opendirective.com> on 2012/10/12 09:40:12 UTC
Re: [VOTE] Apache Wookie 0.12.0-incubating Release Candidate
Dear leagal-discuss,
The Wookie podling needs and answer on ticket
https://issues.apache.org/jira/browse/LEGAL-148
That ticket has been open for six weeks with no response. It is blocking a
release and since Wookie has a four weekly release cycle a six week delay
is very significant. It is also, in the case slowing graduation.
We'd really appreciate someone taking look. If a response is not
forthcoming because of a lack of info please let the podling know so they
can explain further.
Thank you.
https://issues.apache.org/jira/browse/LEGAL-148
Ross
Sent from my tablet
On Oct 11, 2012 3:15 PM, "Paul Sharples" <p....@bolton.ac.uk> wrote:
> On 31/08/2012 10:24, Scott Wilson wrote:
>
>> On 31 Aug 2012, at 02:05, Franklin, Matthew B. wrote:
>>
>> On 8/30/12 4:44 PM, "Ate Douma" <at...@douma.nu> wrote:
>>>
>>> Hi team,
>>>>
>>>> I've checked this release candidate and I *think* I can vote +1 on this,
>>>> but I'm
>>>> not sure about maybe one important thing: if this version might be
>>>> embedding
>>>> restricted cryptography functionality, or not:
>>>>
>>>> This version adds Apache Santuario xmlsec-1.5.2.jar for W3C XML Digital
>>>> Signatures support. AFAIK Santuario can be used to encrypt XML. Even if
>>>> Wookie
>>>> doesn't, if it is bundled this release might be considered 'exporting'
>>>> cryptography functionality. I'm totally unexperienced in this regard for
>>>> what
>>>> the rules/restrictions etc. are [1], and/or if something needs to be
>>>> done
>>>> before
>>>> dealing with this [2].
>>>>
>>> IMO, this might be best discussed with legal. The crypto site notes that
>>> an update to the language was posted by the US IBS in 2010 but the text
>>> of
>>> our site hasn't been updated. Better safe than sorry.
>>>
>> I've created a new Question ticket in Legal Discuss for this:
>>
>> https://issues.apache.org/**jira/browse/LEGAL-148<https://issues.apache.org/jira/browse/LEGAL-148>
>>
>
> Its now been six weeks without an answer from legal and it looks as though
> we will never get one.
> How do we we proceed?
>
> Apologies to all for not picking this up sooner, but I have been swamped
> this last month.
>
> Paul
>
>
>> I couldn't find anything concerning this on the Santuario site, so
>>>> maybe/probably I'm just making noise, but as the Incubator mentor guide
>>>> says
>>>> this *must* be checked [3], I'm raising this now.
>>>>
>>>> If already checked and/or a false alarm then I apologize for the
>>>> trouble,
>>>> and if
>>>> this is resolved or can be ignored, I vote +1 for this release
>>>> candidate.
>>>>
>>> I too am +1 pending legal's sign off on the crypto
>>>
>>>
>>> Besides the above, there are two other minor issues:
>>>> - The current LICENSE file(s) have encoding errors since the addition of
>>>> the
>>>> xmldsig-core-schema.xsd section at the end.
>>>>
>>>> - The xmlsec-1.5.2.jar doesn't come with an embedded NOTICE/LICENSE file
>>>> itself
>>>> (which should be an issue for Apache Santuario), but the download
>>>> distribution
>>>> does, and it has a few extra NOTICEs. We thus should also carry these
>>>> additions
>>>> IMO, but this can be done with next release I think.
>>>>
>>>> Regards, Ate
>>>>
>>>> [1] http://www.apache.org/dev/**crypto.html<http://www.apache.org/dev/crypto.html>
>>>> [2] http://www.apache.org/**licenses/exports/<http://www.apache.org/licenses/exports/>
>>>> [3] http://incubator.apache.org/**guides/mentor.html#crypto-**audit<http://incubator.apache.org/guides/mentor.html#crypto-audit>
>>>>
>>>> On 08/22/2012 11:26 PM, Paul Sharples wrote:
>>>>
>>>>> This is the 6th incubator release for Apache Wookie, with the artifacts
>>>>> being
>>>>> versioned as 0.12.0-incubating.
>>>>>
>>>>> We are requesting a vote via wookie-dev for the release of the
>>>>> artifacts in the
>>>>> first instance found here...
>>>>>
>>>>> http://people.apache.org/**builds/incubator/wookie/0.12.**
>>>>> 0-incubating/<http://people.apache.org/builds/incubator/wookie/0.12.0-incubating/>
>>>>>
>>>>> ...as the final 0.12.0-incubating release.
>>>>>
>>>>> PGP release keys (signed using DDED352A):
>>>>>
>>>>> http://www.apache.org/dist/**incubator/wookie/KEYS<http://www.apache.org/dist/incubator/wookie/KEYS>
>>>>>
>>>>> Additionally there are 3 sets of maven artifacts, which we hope will
>>>>> help
>>>>> others to integrate WOOKIE into their own applications. These are...
>>>>>
>>>>> 1. Wookie itself as a downloadable WAR
>>>>> 2. The W3C parser
>>>>> 3. The Java connector framework
>>>>>
>>>>> These artifacts are now in the staging area found here...
>>>>>
>>>>> https://repository.apache.org/**content/repositories/**
>>>>> orgapachewookie-001/<https://repository.apache.org/content/repositories/orgapachewookie-001/>
>>>>>
>>>>> Please take the time to verify the artifacts before casting your vote.
>>>>>
>>>>> Vote will be open at least 72 hours but until we receive most of the
>>>>> committers
>>>>> votes.
>>>>>
>>>>> [ ] +1 approve
>>>>> [ ] +0 no opinion
>>>>> [ ] -1 disapprove (and reason why)
>>>>>
>>>>
>>
>> -----
>> No virus found in this message.
>> Checked by AVG - www.avg.com
>> Version: 2012.0.2197 / Virus Database: 2437/5227 - Release Date: 08/27/12
>> Internal Virus Database is out of date.
>>
>>
>