You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by David Nalley <da...@gnsa.us> on 2012/10/10 05:08:59 UTC
[MENTOR ACTION NEEDED] Crypto filings
Hi folks,
I was discussing crypto filings this evening with Brett Porter,
particularly the fact that I, as a peon at the ASF, had proposed on
the list making regulatory filings on behalf of the ASF, and how that
situation would have scared me if I had any authority. This brought
about a re-review of the crypto page [1] and I discovered that the
intended audience is PMC members. While I am a member of the PPMC for
CloudStack, that's still remarkably different than being a PMC member
for a TLP. So while I am happy to do the work, I don't want to presume
to take action and end up usurping authority. If one (or more) of our
mentors disagrees with my analysis - please speak up - I am not
shirking the work itself.
I've updated the XML for exports, and you can see the output at [2],
I've included the notice in the README, but I haven't fired off the
email that gives the federal government notice. Also please note that
the current notice is only for the development version, when we
finally get a 4.0 release approved we'll need to go through this again
for 4.0. The email text (generated from bisnotice.sh)
is below.
[1] http://apache.org/dev/crypto.htm
[2] http://apache.org/licenses/exports/
---EMAIL HEADER---
To: crypt@bis.doc.gov, enc@nsa.gov, web_site@bis.doc.gov
Cc: legal-archive@apache.org, {applicable project list}
Subject: TSU NOTIFICATION - Encryption
---EMAIL BODY---
SUBMISSION TYPE: TSU
SUBMITTED BY: Noel J. Bergman
SUBMITTED FOR: The Apache Software Foundation
POINT OF CONTACT: Secretary, The Apache Software Foundation
FAX: +1-919-573-9199
MANUFACTURER(S): JaSypt.org, Oracle, Bouncy Castle, The Apache
Software Foundation, OpenSwan.org, JCraft, Inc.
PRODUCT NAME/MODEL #: Apache CloudStack
ECCN: 5D002
NOTIFICATION: http://www.apache.org/licenses/exports/
----------------
[ke4qqq@mba trunk]$ ./bisnotice.sh
Enter product name: Apache CloudStack
---EMAIL HEADER---
To: crypt@bis.doc.gov, enc@nsa.gov, web_site@bis.doc.gov
Cc: legal-archive@apache.org, {applicable project list}
Subject: TSU NOTIFICATION - Encryption
---EMAIL BODY---
SUBMISSION TYPE: TSU
SUBMITTED BY: Noel J. Bergman
SUBMITTED FOR: The Apache Software Foundation
POINT OF CONTACT: Secretary, The Apache Software Foundation
FAX: +1-919-573-9199
MANUFACTURER(S): JaSypt.org, Oracle, Bouncy Castle, The Apache
Software Foundation, OpenSwan.org, JCraft, Inc.
PRODUCT NAME/MODEL #: Apache CloudStack
ECCN: 5D002
NOTIFICATION: http://www.apache.org/licenses/exports/
----------------
Re: [MENTOR ACTION NEEDED] Crypto filings
Posted by Jim Jagielski <ji...@jaguNET.com>.
You can replace Noel's name w/ mine...
On Oct 9, 2012, at 11:08 PM, David Nalley <da...@gnsa.us> wrote:
> Hi folks,
>
> I was discussing crypto filings this evening with Brett Porter,
> particularly the fact that I, as a peon at the ASF, had proposed on
> the list making regulatory filings on behalf of the ASF, and how that
> situation would have scared me if I had any authority. This brought
> about a re-review of the crypto page [1] and I discovered that the
> intended audience is PMC members. While I am a member of the PPMC for
> CloudStack, that's still remarkably different than being a PMC member
> for a TLP. So while I am happy to do the work, I don't want to presume
> to take action and end up usurping authority. If one (or more) of our
> mentors disagrees with my analysis - please speak up - I am not
> shirking the work itself.
>
> I've updated the XML for exports, and you can see the output at [2],
> I've included the notice in the README, but I haven't fired off the
> email that gives the federal government notice. Also please note that
> the current notice is only for the development version, when we
> finally get a 4.0 release approved we'll need to go through this again
> for 4.0. The email text (generated from bisnotice.sh)
> is below.
>
> [1] http://apache.org/dev/crypto.htm
> [2] http://apache.org/licenses/exports/
>
> ---EMAIL HEADER---
> To: crypt@bis.doc.gov, enc@nsa.gov, web_site@bis.doc.gov
> Cc: legal-archive@apache.org, {applicable project list}
> Subject: TSU NOTIFICATION - Encryption
> ---EMAIL BODY---
> SUBMISSION TYPE: TSU
>
> SUBMITTED BY: Noel J. Bergman
>
> SUBMITTED FOR: The Apache Software Foundation
>
> POINT OF CONTACT: Secretary, The Apache Software Foundation
>
> FAX: +1-919-573-9199
>
> MANUFACTURER(S): JaSypt.org, Oracle, Bouncy Castle, The Apache
> Software Foundation, OpenSwan.org, JCraft, Inc.
>
> PRODUCT NAME/MODEL #: Apache CloudStack
>
> ECCN: 5D002
>
> NOTIFICATION: http://www.apache.org/licenses/exports/
>
> ----------------
>
> [ke4qqq@mba trunk]$ ./bisnotice.sh
> Enter product name: Apache CloudStack
>
> ---EMAIL HEADER---
> To: crypt@bis.doc.gov, enc@nsa.gov, web_site@bis.doc.gov
> Cc: legal-archive@apache.org, {applicable project list}
> Subject: TSU NOTIFICATION - Encryption
> ---EMAIL BODY---
> SUBMISSION TYPE: TSU
>
> SUBMITTED BY: Noel J. Bergman
>
> SUBMITTED FOR: The Apache Software Foundation
>
> POINT OF CONTACT: Secretary, The Apache Software Foundation
>
> FAX: +1-919-573-9199
>
> MANUFACTURER(S): JaSypt.org, Oracle, Bouncy Castle, The Apache
> Software Foundation, OpenSwan.org, JCraft, Inc.
>
> PRODUCT NAME/MODEL #: Apache CloudStack
>
> ECCN: 5D002
>
> NOTIFICATION: http://www.apache.org/licenses/exports/
>
> ----------------
>
Re: [MENTOR ACTION NEEDED] Crypto filings
Posted by Noah Slater <ns...@tumbolia.org>.
Okie dokie. Thanks for the clarification!
On Wed, Oct 10, 2012 at 8:06 PM, David Nalley <da...@gnsa.us> wrote:
> On Wed, Oct 10, 2012 at 3:02 PM, Noah Slater <ns...@tumbolia.org> wrote:
> > From the ASF FAQ:
> >
> > Q. If the ASF distributes/exports a crypto item after qualifying it under
> > the TSU exception, must the same product requalify for release of future
> > versions?
> >
> > A. No. As long as the email's notification URL for the source location
> > still (directly or indirectly) points to the applicable source for each
> > version's crypto item, no additional process is required.
> >
>
>
> But location of source changes - even CouchDB has an entry for
> development and 0.9.0 and later .
>
> http://apache.org/licenses/exports/
>
--
NS
Re: [MENTOR ACTION NEEDED] Crypto filings
Posted by David Nalley <da...@gnsa.us>.
On Wed, Oct 10, 2012 at 3:02 PM, Noah Slater <ns...@tumbolia.org> wrote:
> From the ASF FAQ:
>
> Q. If the ASF distributes/exports a crypto item after qualifying it under
> the TSU exception, must the same product requalify for release of future
> versions?
>
> A. No. As long as the email's notification URL for the source location
> still (directly or indirectly) points to the applicable source for each
> version's crypto item, no additional process is required.
>
But location of source changes - even CouchDB has an entry for
development and 0.9.0 and later .
http://apache.org/licenses/exports/
Re: [MENTOR ACTION NEEDED] Crypto filings
Posted by Noah Slater <ns...@tumbolia.org>.
>From the ASF FAQ:
Q. If the ASF distributes/exports a crypto item after qualifying it under
the TSU exception, must the same product requalify for release of future
versions?
A. No. As long as the email's notification URL for the source location
still (directly or indirectly) points to the applicable source for each
version's crypto item, no additional process is required.
On Wed, Oct 10, 2012 at 8:00 PM, Noah Slater <ns...@tumbolia.org> wrote:
> Can you cite that? We don't do this with CouchDB! I'm fairly certain you
> only have to do it for every new piece of crypto code you add to the
> project. Not every release you do that includes something you have already
> filed for.
>
> Can someone more experienced comment please?
>
>
> On Wed, Oct 10, 2012 at 7:50 PM, David Nalley <da...@gnsa.us> wrote:
>
>> You need to update it for each released version. the filing I posted
>> is only development.
>>
>> --David
>>
>> On Wed, Oct 10, 2012 at 2:46 PM, Noah Slater <ns...@tumbolia.org>
>> wrote:
>> > Why would we need to go through it a second time? (I don't know much
>> about
>> > crypto filings.)
>> >
>> > On Wed, Oct 10, 2012 at 4:08 AM, David Nalley <da...@gnsa.us> wrote:
>> >
>> >> Hi folks,
>> >>
>> >> I was discussing crypto filings this evening with Brett Porter,
>> >> particularly the fact that I, as a peon at the ASF, had proposed on
>> >> the list making regulatory filings on behalf of the ASF, and how that
>> >> situation would have scared me if I had any authority. This brought
>> >> about a re-review of the crypto page [1] and I discovered that the
>> >> intended audience is PMC members. While I am a member of the PPMC for
>> >> CloudStack, that's still remarkably different than being a PMC member
>> >> for a TLP. So while I am happy to do the work, I don't want to presume
>> >> to take action and end up usurping authority. If one (or more) of our
>> >> mentors disagrees with my analysis - please speak up - I am not
>> >> shirking the work itself.
>> >>
>> >> I've updated the XML for exports, and you can see the output at [2],
>> >> I've included the notice in the README, but I haven't fired off the
>> >> email that gives the federal government notice. Also please note that
>> >> the current notice is only for the development version, when we
>> >> finally get a 4.0 release approved we'll need to go through this again
>> >> for 4.0. The email text (generated from bisnotice.sh)
>> >> is below.
>> >>
>> >> [1] http://apache.org/dev/crypto.htm
>> >> [2] http://apache.org/licenses/exports/
>> >>
>> >> ---EMAIL HEADER---
>> >> To: crypt@bis.doc.gov, enc@nsa.gov, web_site@bis.doc.gov
>> >> Cc: legal-archive@apache.org, {applicable project list}
>> >> Subject: TSU NOTIFICATION - Encryption
>> >> ---EMAIL BODY---
>> >> SUBMISSION TYPE: TSU
>> >>
>> >> SUBMITTED BY: Noel J. Bergman
>> >>
>> >> SUBMITTED FOR: The Apache Software Foundation
>> >>
>> >> POINT OF CONTACT: Secretary, The Apache Software Foundation
>> >>
>> >> FAX: +1-919-573-9199
>> >>
>> >> MANUFACTURER(S): JaSypt.org, Oracle, Bouncy Castle, The Apache
>> >> Software Foundation, OpenSwan.org, JCraft, Inc.
>> >>
>> >> PRODUCT NAME/MODEL #: Apache CloudStack
>> >>
>> >> ECCN: 5D002
>> >>
>> >> NOTIFICATION: http://www.apache.org/licenses/exports/
>> >>
>> >> ----------------
>> >>
>> >> [ke4qqq@mba trunk]$ ./bisnotice.sh
>> >> Enter product name: Apache CloudStack
>> >>
>> >> ---EMAIL HEADER---
>> >> To: crypt@bis.doc.gov, enc@nsa.gov, web_site@bis.doc.gov
>> >> Cc: legal-archive@apache.org, {applicable project list}
>> >> Subject: TSU NOTIFICATION - Encryption
>> >> ---EMAIL BODY---
>> >> SUBMISSION TYPE: TSU
>> >>
>> >> SUBMITTED BY: Noel J. Bergman
>> >>
>> >> SUBMITTED FOR: The Apache Software Foundation
>> >>
>> >> POINT OF CONTACT: Secretary, The Apache Software Foundation
>> >>
>> >> FAX: +1-919-573-9199
>> >>
>> >> MANUFACTURER(S): JaSypt.org, Oracle, Bouncy Castle, The Apache
>> >> Software Foundation, OpenSwan.org, JCraft, Inc.
>> >>
>> >> PRODUCT NAME/MODEL #: Apache CloudStack
>> >>
>> >> ECCN: 5D002
>> >>
>> >> NOTIFICATION: http://www.apache.org/licenses/exports/
>> >>
>> >> ----------------
>> >>
>> >
>> >
>> >
>> > --
>> > NS
>>
>
>
>
> --
> NS
>
--
NS
Re: [MENTOR ACTION NEEDED] Crypto filings
Posted by Noah Slater <ns...@tumbolia.org>.
Can you cite that? We don't do this with CouchDB! I'm fairly certain you
only have to do it for every new piece of crypto code you add to the
project. Not every release you do that includes something you have already
filed for.
Can someone more experienced comment please?
On Wed, Oct 10, 2012 at 7:50 PM, David Nalley <da...@gnsa.us> wrote:
> You need to update it for each released version. the filing I posted
> is only development.
>
> --David
>
> On Wed, Oct 10, 2012 at 2:46 PM, Noah Slater <ns...@tumbolia.org> wrote:
> > Why would we need to go through it a second time? (I don't know much
> about
> > crypto filings.)
> >
> > On Wed, Oct 10, 2012 at 4:08 AM, David Nalley <da...@gnsa.us> wrote:
> >
> >> Hi folks,
> >>
> >> I was discussing crypto filings this evening with Brett Porter,
> >> particularly the fact that I, as a peon at the ASF, had proposed on
> >> the list making regulatory filings on behalf of the ASF, and how that
> >> situation would have scared me if I had any authority. This brought
> >> about a re-review of the crypto page [1] and I discovered that the
> >> intended audience is PMC members. While I am a member of the PPMC for
> >> CloudStack, that's still remarkably different than being a PMC member
> >> for a TLP. So while I am happy to do the work, I don't want to presume
> >> to take action and end up usurping authority. If one (or more) of our
> >> mentors disagrees with my analysis - please speak up - I am not
> >> shirking the work itself.
> >>
> >> I've updated the XML for exports, and you can see the output at [2],
> >> I've included the notice in the README, but I haven't fired off the
> >> email that gives the federal government notice. Also please note that
> >> the current notice is only for the development version, when we
> >> finally get a 4.0 release approved we'll need to go through this again
> >> for 4.0. The email text (generated from bisnotice.sh)
> >> is below.
> >>
> >> [1] http://apache.org/dev/crypto.htm
> >> [2] http://apache.org/licenses/exports/
> >>
> >> ---EMAIL HEADER---
> >> To: crypt@bis.doc.gov, enc@nsa.gov, web_site@bis.doc.gov
> >> Cc: legal-archive@apache.org, {applicable project list}
> >> Subject: TSU NOTIFICATION - Encryption
> >> ---EMAIL BODY---
> >> SUBMISSION TYPE: TSU
> >>
> >> SUBMITTED BY: Noel J. Bergman
> >>
> >> SUBMITTED FOR: The Apache Software Foundation
> >>
> >> POINT OF CONTACT: Secretary, The Apache Software Foundation
> >>
> >> FAX: +1-919-573-9199
> >>
> >> MANUFACTURER(S): JaSypt.org, Oracle, Bouncy Castle, The Apache
> >> Software Foundation, OpenSwan.org, JCraft, Inc.
> >>
> >> PRODUCT NAME/MODEL #: Apache CloudStack
> >>
> >> ECCN: 5D002
> >>
> >> NOTIFICATION: http://www.apache.org/licenses/exports/
> >>
> >> ----------------
> >>
> >> [ke4qqq@mba trunk]$ ./bisnotice.sh
> >> Enter product name: Apache CloudStack
> >>
> >> ---EMAIL HEADER---
> >> To: crypt@bis.doc.gov, enc@nsa.gov, web_site@bis.doc.gov
> >> Cc: legal-archive@apache.org, {applicable project list}
> >> Subject: TSU NOTIFICATION - Encryption
> >> ---EMAIL BODY---
> >> SUBMISSION TYPE: TSU
> >>
> >> SUBMITTED BY: Noel J. Bergman
> >>
> >> SUBMITTED FOR: The Apache Software Foundation
> >>
> >> POINT OF CONTACT: Secretary, The Apache Software Foundation
> >>
> >> FAX: +1-919-573-9199
> >>
> >> MANUFACTURER(S): JaSypt.org, Oracle, Bouncy Castle, The Apache
> >> Software Foundation, OpenSwan.org, JCraft, Inc.
> >>
> >> PRODUCT NAME/MODEL #: Apache CloudStack
> >>
> >> ECCN: 5D002
> >>
> >> NOTIFICATION: http://www.apache.org/licenses/exports/
> >>
> >> ----------------
> >>
> >
> >
> >
> > --
> > NS
>
--
NS
Re: [MENTOR ACTION NEEDED] Crypto filings
Posted by David Nalley <da...@gnsa.us>.
You need to update it for each released version. the filing I posted
is only development.
--David
On Wed, Oct 10, 2012 at 2:46 PM, Noah Slater <ns...@tumbolia.org> wrote:
> Why would we need to go through it a second time? (I don't know much about
> crypto filings.)
>
> On Wed, Oct 10, 2012 at 4:08 AM, David Nalley <da...@gnsa.us> wrote:
>
>> Hi folks,
>>
>> I was discussing crypto filings this evening with Brett Porter,
>> particularly the fact that I, as a peon at the ASF, had proposed on
>> the list making regulatory filings on behalf of the ASF, and how that
>> situation would have scared me if I had any authority. This brought
>> about a re-review of the crypto page [1] and I discovered that the
>> intended audience is PMC members. While I am a member of the PPMC for
>> CloudStack, that's still remarkably different than being a PMC member
>> for a TLP. So while I am happy to do the work, I don't want to presume
>> to take action and end up usurping authority. If one (or more) of our
>> mentors disagrees with my analysis - please speak up - I am not
>> shirking the work itself.
>>
>> I've updated the XML for exports, and you can see the output at [2],
>> I've included the notice in the README, but I haven't fired off the
>> email that gives the federal government notice. Also please note that
>> the current notice is only for the development version, when we
>> finally get a 4.0 release approved we'll need to go through this again
>> for 4.0. The email text (generated from bisnotice.sh)
>> is below.
>>
>> [1] http://apache.org/dev/crypto.htm
>> [2] http://apache.org/licenses/exports/
>>
>> ---EMAIL HEADER---
>> To: crypt@bis.doc.gov, enc@nsa.gov, web_site@bis.doc.gov
>> Cc: legal-archive@apache.org, {applicable project list}
>> Subject: TSU NOTIFICATION - Encryption
>> ---EMAIL BODY---
>> SUBMISSION TYPE: TSU
>>
>> SUBMITTED BY: Noel J. Bergman
>>
>> SUBMITTED FOR: The Apache Software Foundation
>>
>> POINT OF CONTACT: Secretary, The Apache Software Foundation
>>
>> FAX: +1-919-573-9199
>>
>> MANUFACTURER(S): JaSypt.org, Oracle, Bouncy Castle, The Apache
>> Software Foundation, OpenSwan.org, JCraft, Inc.
>>
>> PRODUCT NAME/MODEL #: Apache CloudStack
>>
>> ECCN: 5D002
>>
>> NOTIFICATION: http://www.apache.org/licenses/exports/
>>
>> ----------------
>>
>> [ke4qqq@mba trunk]$ ./bisnotice.sh
>> Enter product name: Apache CloudStack
>>
>> ---EMAIL HEADER---
>> To: crypt@bis.doc.gov, enc@nsa.gov, web_site@bis.doc.gov
>> Cc: legal-archive@apache.org, {applicable project list}
>> Subject: TSU NOTIFICATION - Encryption
>> ---EMAIL BODY---
>> SUBMISSION TYPE: TSU
>>
>> SUBMITTED BY: Noel J. Bergman
>>
>> SUBMITTED FOR: The Apache Software Foundation
>>
>> POINT OF CONTACT: Secretary, The Apache Software Foundation
>>
>> FAX: +1-919-573-9199
>>
>> MANUFACTURER(S): JaSypt.org, Oracle, Bouncy Castle, The Apache
>> Software Foundation, OpenSwan.org, JCraft, Inc.
>>
>> PRODUCT NAME/MODEL #: Apache CloudStack
>>
>> ECCN: 5D002
>>
>> NOTIFICATION: http://www.apache.org/licenses/exports/
>>
>> ----------------
>>
>
>
>
> --
> NS
Re: [MENTOR ACTION NEEDED] Crypto filings
Posted by Noah Slater <ns...@tumbolia.org>.
Why would we need to go through it a second time? (I don't know much about
crypto filings.)
On Wed, Oct 10, 2012 at 4:08 AM, David Nalley <da...@gnsa.us> wrote:
> Hi folks,
>
> I was discussing crypto filings this evening with Brett Porter,
> particularly the fact that I, as a peon at the ASF, had proposed on
> the list making regulatory filings on behalf of the ASF, and how that
> situation would have scared me if I had any authority. This brought
> about a re-review of the crypto page [1] and I discovered that the
> intended audience is PMC members. While I am a member of the PPMC for
> CloudStack, that's still remarkably different than being a PMC member
> for a TLP. So while I am happy to do the work, I don't want to presume
> to take action and end up usurping authority. If one (or more) of our
> mentors disagrees with my analysis - please speak up - I am not
> shirking the work itself.
>
> I've updated the XML for exports, and you can see the output at [2],
> I've included the notice in the README, but I haven't fired off the
> email that gives the federal government notice. Also please note that
> the current notice is only for the development version, when we
> finally get a 4.0 release approved we'll need to go through this again
> for 4.0. The email text (generated from bisnotice.sh)
> is below.
>
> [1] http://apache.org/dev/crypto.htm
> [2] http://apache.org/licenses/exports/
>
> ---EMAIL HEADER---
> To: crypt@bis.doc.gov, enc@nsa.gov, web_site@bis.doc.gov
> Cc: legal-archive@apache.org, {applicable project list}
> Subject: TSU NOTIFICATION - Encryption
> ---EMAIL BODY---
> SUBMISSION TYPE: TSU
>
> SUBMITTED BY: Noel J. Bergman
>
> SUBMITTED FOR: The Apache Software Foundation
>
> POINT OF CONTACT: Secretary, The Apache Software Foundation
>
> FAX: +1-919-573-9199
>
> MANUFACTURER(S): JaSypt.org, Oracle, Bouncy Castle, The Apache
> Software Foundation, OpenSwan.org, JCraft, Inc.
>
> PRODUCT NAME/MODEL #: Apache CloudStack
>
> ECCN: 5D002
>
> NOTIFICATION: http://www.apache.org/licenses/exports/
>
> ----------------
>
> [ke4qqq@mba trunk]$ ./bisnotice.sh
> Enter product name: Apache CloudStack
>
> ---EMAIL HEADER---
> To: crypt@bis.doc.gov, enc@nsa.gov, web_site@bis.doc.gov
> Cc: legal-archive@apache.org, {applicable project list}
> Subject: TSU NOTIFICATION - Encryption
> ---EMAIL BODY---
> SUBMISSION TYPE: TSU
>
> SUBMITTED BY: Noel J. Bergman
>
> SUBMITTED FOR: The Apache Software Foundation
>
> POINT OF CONTACT: Secretary, The Apache Software Foundation
>
> FAX: +1-919-573-9199
>
> MANUFACTURER(S): JaSypt.org, Oracle, Bouncy Castle, The Apache
> Software Foundation, OpenSwan.org, JCraft, Inc.
>
> PRODUCT NAME/MODEL #: Apache CloudStack
>
> ECCN: 5D002
>
> NOTIFICATION: http://www.apache.org/licenses/exports/
>
> ----------------
>
--
NS