You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "Roy T. Fielding" <fi...@apache.org> on 2007/02/16 23:27:49 UTC

TSU NOTIFICATION - Encryption

SUBMISSION TYPE:      TSU

SUBMITTED BY:         Roy T. Fielding

SUBMITTED FOR:        The Apache Software Foundation

POINT OF CONTACT:     Secretary, The Apache Software Foundation

FAX:                  +1-410-803-2258

MANUFACTURER(S):      The Apache Software Foundation

PRODUCT NAME/MODEL #: Apache Flood

ECCN:                 5D002

NOTIFICATION:         http://www.apache.org/licenses/exports/

Re: TSU NOTIFICATION - Encryption

Posted by "Roy T. Fielding" <fi...@gbiv.com>.

On Feb 22, 2007, at 3:06 PM, William A. Rowe, Jr. wrote:
> No release, no binaries, Yes.  What is your objection to binaries once
> a new release is voted on (other than not releasable because ...)?

I'd rather not supply floods to the clueless.  Providing tools to
developers is okay.  If someone wants to package flood for users,
they should move flood to its own project in incubator.

....Roy

Re: TSU NOTIFICATION - Encryption

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

Roy T. Fielding wrote:
> On Feb 17, 2007, at 4:06 PM, William A. Rowe, Jr. wrote:
> 
>> All US legal obligations are satisfied.  Correct?
> 
> Correct.

Thanks for confirmation.  Rather than 'push this out' - I've started a
dialog (at least, I hope it becomes more than typing into the bitbucket)
about what that package should contain and that it meets our goals.  I will
send a corresponding note to testers@ (occasionally forget about that list
altogether, sigh.)

>> I note that Flood refers only to ASF code; if we want to ship a binary
>> for folks to flood their test machines from win32 boxes (including https)
>> we still need to ?
> 
> I would need to change the notice.  In any case, I am -1 to shipping
> binaries of flood for any platform.

No release, no binaries, Yes.  What is your objection to binaries once
a new release is voted on (other than not releasable because ...)?

>> The incoming mod_ftp may still needs a crypto notice, as it
>> facilitates ftps
>> and starttls handshaking using mod_ssl's hooks to OpenSSL to provide the
>> FTPImplicitSSL and FTPOptions RequireSSL directive features, and the
>> ftp AUTH
>> command handler.  Although it derives it's ssl encryption from mod_ssl by
>> way of openssl, I presume we want to add this item to our notices list
>> and
>> to send them a notification.  Correct?
> 
> Yes, I was just waiting for a stable link to the source.  Done.

And again, thank you.

Bill

Re: TSU NOTIFICATION - Encryption

Posted by "Roy T. Fielding" <fi...@gbiv.com>.

On Feb 17, 2007, at 4:06 PM, William A. Rowe, Jr. wrote:

> With the posting of these notifications, and record of the
> http://www.apache.org/licenses/exports/ - there are no further
> obstacles to posting http://www.apache.org/dist/httpd/binaries/win32/
>
>   apache_2.2.4-win32-x86-openssl-0.9.8d.msi
>
> and uncommenting/updating the <!----> commented out text in README.txt
> of this page?  All US legal obligations are satisfied.  Correct?

Correct.

> I note that Flood refers only to ASF code; if we want to ship a binary
> for folks to flood their test machines from win32 boxes (including  
> https)
> we still need to ?

I would need to change the notice.  In any case, I am -1 to shipping
binaries of flood for any platform.

> The incoming mod_ftp may still needs a crypto notice, as it  
> facilitates ftps
> and starttls handshaking using mod_ssl's hooks to OpenSSL to  
> provide the
> FTPImplicitSSL and FTPOptions RequireSSL directive features, and  
> the ftp AUTH
> command handler.  Although it derives it's ssl encryption from  
> mod_ssl by
> way of openssl, I presume we want to add this item to our notices  
> list and
> to send them a notification.  Correct?

Yes, I was just waiting for a stable link to the source.  Done.

....Roy

Re: TSU NOTIFICATION - Encryption

Posted by "Roy T. Fielding" <fi...@gbiv.com>.

On Feb 18, 2007, at 3:54 AM, Graham Leggett wrote:
> And is it now possible to post mod_ssl RPM binaries?

Yes.  In fact, there is no reason to distinguish between 2.x binaries
containing and not containing mod_ssl -- they are all equally 5D002
export-controlled.  We would have to fork the products at the source
level if we wanted to distinguish them (assuming there was some need
to do so, such as laws in other countries).

The apache 1.3 product remains free of any encryption.

....Roy

Re: TSU NOTIFICATION - Encryption

Posted by Graham Leggett <mi...@sharp.fm>.

William A. Rowe, Jr. wrote:

> With the posting of these notifications, and record of the
> http://www.apache.org/licenses/exports/ - there are no further
> obstacles to posting http://www.apache.org/dist/httpd/binaries/win32/
> 
>   apache_2.2.4-win32-x86-openssl-0.9.8d.msi
> 
> and uncommenting/updating the <!----> commented out text in README.txt
> of this page?  All US legal obligations are satisfied.  Correct?

And is it now possible to post mod_ssl RPM binaries?

If so, I will make them available.

Regards,
Graham
--

Re: TSU NOTIFICATION - Encryption

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

William A. Rowe, Jr. wrote:
> 
> I note that Flood refers only to ASF code; if we want to ship a binary
> for folks to flood their test machines from win32 boxes (including https)
> we still need to ?

... have an item in our list for flood-0.4+openssl?

Re: TSU NOTIFICATION - Encryption

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

With the posting of these notifications, and record of the
http://www.apache.org/licenses/exports/ - there are no further
obstacles to posting http://www.apache.org/dist/httpd/binaries/win32/

  apache_2.2.4-win32-x86-openssl-0.9.8d.msi

and uncommenting/updating the <!----> commented out text in README.txt
of this page?  All US legal obligations are satisfied.  Correct?

I note that Flood refers only to ASF code; if we want to ship a binary
for folks to flood their test machines from win32 boxes (including https)
we still need to ?

The incoming mod_ftp may still needs a crypto notice, as it facilitates ftps
and starttls handshaking using mod_ssl's hooks to OpenSSL to provide the
FTPImplicitSSL and FTPOptions RequireSSL directive features, and the ftp AUTH
command handler.  Although it derives it's ssl encryption from mod_ssl by
way of openssl, I presume we want to add this item to our notices list and
to send them a notification.  Correct?

Bill