[Turbine Wiki] Update of "BoardReport-February2008" by ScottEade

[Apache Wiki <wi...@apache.org>]

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Turbine Wiki" for change notification.

The following page has been changed by ScottEade:
http://wiki.apache.org/turbine/BoardReport-February2008

------------------------------------------------------------------------------
- == Apache Turbine Project Board Report, February 2008 ==
+ deleted
  
- === Status ===
- 
- There has been good progress towards resolving the outstanding ECCN issues within the Turbine project.  See below for details.
- 
- The final tasks relating to Turbine becoming a TLP have ''finally'' been completed - the mirrored downloads and archived releases have been moved from jakarta to turbine directories.
- 
- Other than this the Turbine project continues on with a fairly low level of activity.
- 
- The Turbine project has no board-level issues at this time.
- 
- ==== ECCN Status and activity ====
- 
- While this issue has been highlighted by Bill for the current round of reports, it has been on our radar for some time now.
- 
- The following areas '''''had''''' the potential to require ECCN registration due to their use of a "symmetric algorithm employing a key length exceeding 56 bits" and/or because they "were designed to work with strong cryptographic libraries":
-  1. fulcrum-crypto - used the cryptix library to implement Unix crypt()
-  1. The Crypto Service in Turbine Core, from which fulcrum-crypto was extracted - also used the cryptix library
-  1. fulcrum-yaafi - supports decryption of strongly encrypted configuration files
-  1. fulcrum-pbe - supports strong encryption/decryption of files
- 
- In particular, the following actions have taken place:
-  * the cryptix dependency has been removed from fulcrum-crypto and Turbine core's Crypto Service (replaced with org.apache.jetspeed.services.security.ldap.UnixCrypt from the JetSpeed Portal project). 
-  * the exposed interfaces and underlying implementation of fulcrum-yaafi and fulcrum-pbe have been modified to ensure that only DES (56 bit key length) can be used (strong encryption was never used but was available through the exposed interfaces).
- 
- It is our understanding that after our next release of the following components, no aspects of the Apache Turbine project will require ECCN registration:
-  * fulcrum-crypto-1.0.7 - ETA some time in the next few weeks
-  * turbine-2.3.3 - ETA some time in the next month or so
-  * fulcrum-yaafi-1.0.6 - ETA some time in the next few weeks
-  * fulcrum-pbe-1.0.0 - Not yet a released component so no release required in order to comply.
- 
- === Community changes ===
- 
- No new committers were voted in since the last board report.
- 
- No new PMC members were voted in since the last board report.
- 
- === Turbine core project ===
- 
- The Turbine Core trunk and turbine-site modules have been updated to ASL 2.0 - this was long overdue and is in preparation for a future release.
- 
- The changes to fulcrum-crypto have been backported to the Crypto Service so as to eliminate the ECCN registration requirement for Turbine core.
- 
- We are working on releasing Turbine 2.3.3 - this has primarily been waiting on the DB Project's Torque 3.3 release which is likely to appear in the next couple of weeks.
- 
- No beta or final releases were made since the last board report.
- 
- === Fulcrum component project ===
- 
- Mostly ECCN related activity, but progress on migrating from Maven 1.x to Maven 2.x for project builds has commenced.
- 
- No beta or final releases were made since the last board report.
- 
- === META project ===
- 
- No beta or final releases were made since the last board report.
- 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@turbine.apache.org
For additional commands, e-mail: dev-help@turbine.apache.org