Skip to content
Permalink
Browse files
Update crypto.md
Updated the location and description of the source file for the product matrix.
  • Loading branch information
cottage14 committed Apr 8, 2022
1 parent e5370b6 commit f5adb44edecd4613f7e437dbbc765429a89b7b9d
Showing 1 changed file with 3 additions and 5 deletions.
@@ -4,12 +4,10 @@ This page provides PMC members with the information they need to ensure U.S. exp

**This page is not intended for users of Apache products**. Users should consult the <a href="https://www.apache.org/licenses/exports/" target="_blank">export control status of our products</a>.

**Note**: The regulations covering US export control laws for encryption are continuously changing, and the last modification of this page, to describe the current state of regulations, was May 24, 2019.
**Note**: The regulations covering US export control laws for encryption are continuously changing, and the latest modification of this page, to describe the current state of regulations, was May 24, 2019.

This page describes the process which should be continued until the Apache VP Legal Affairs approves an updated version.

<h1>WARNING: this page is out of date: e.g. the ECCN matrix file has moved to Git and changed name</h1>

<h4 id="updates">Notification of Updates to this Page<a class="headerlink" href="#updates" title="Permanent link">&para;</a></h4>

Notices of updates to this page appear on the <a href="https://www.apache.org/foundation/mailinglists.html#foundation-legal" target="_blank">legal-discuss</a> mailing list.
@@ -47,9 +45,9 @@ the <a href="/foundation/">ASF Vice President for Legal Affairs</a>.

To satisfy the BIS requirements to make source code available for inspection, while minimizing the number of <a href="#notify">notification emails</a> needed to be sent, the ASF maintains a single web page at <a href="https://www.apache.org/licenses/exports/" target="_blank">https://www.apache.org/licenses/exports/</a> with links to the applicable source code for each version of each ASF product classified as ECCN 5D002.

To make updates to this ASF-wide Exports page as simple and consistent as possible, the <a href="https://svn.apache.org/repos/asf/infrastructure/site/trunk/content/licenses/exports/index.page/eccnmatrix.xml" target="_blank">source XML page</a> contains a list of XML trees under `eccnmatrix` that can be edited by anyone with site-dev karma (which includes all PMC chairs). The exports web page is generated from the XML file.
To make updates to this ASF-wide Exports page as simple and consistent as possible, the <a href="https://github.com/apache/www-site/blob/main/data/eccn/eccnmatrix.yaml" target="_blank">source matrix</a> is a .yaml file that anyone with site-dev karma (which includes all PMC chairs) can update. The exports web page is generated from this .yaml file.

Any edits to the exports page should be tested using both the site build process (view `index.html` before committing any changes) and by running the `bisnotice.xsl` transform on the product added/changed (see below). You can probably figure out what the content of the XML fields should be by following the example of other projects and reading the page. If you have any further questions about the content, or if you are not sure that a BIS notice is required, please check the <a href="#faq">FAQs</a> first and then bring any remaining questions to the `legal-discuss` mailing list. Note that the product data should only be version-specific if the classification changes (e.g., Apache HTTP Server version 1.3 vs 2.0) or if the link to the controlled source code needs to change, such as if the encryption library included in the product for different releases came from different manufacturers. In addition, it is possible to include both controlled and non-controlled (ECCN "n/a") products in the list, but a BIS notice is only necessary for the products that have at least one version classified as ECCN 5D002.
Test any edits to the exports page using both the site build process (view `index.html` before committing any changes) and by running the `bisnotice.xsl` transform on the product added/changed (see below). You can probably figure out how to format the information for your project's product by following the example of other projects and reading the page. If you have any further questions about the content, or if you are not sure that a BIS notice is required, please check the <a href="#faq">FAQs</a> first and then bring any remaining questions to the `legal-discuss` mailing list. Note that the product data should only be version-specific if the classification changes (e.g., Apache HTTP Server version 1.3 vs 2.0) or if the link to the controlled source code needs to change, such as if the encryption library included in the product for different releases came from different manufacturers. In addition, it is possible to include both controlled and non-controlled (ECCN "n/a") products in the list, but a BIS notice is only necessary for the products that have at least one version classified as ECCN 5D002.

<h3 id="notify">Notify the U.S. Government of the release<a class="headerlink" href="#notify" title="Permanent link">&para;</a></h3>

0 comments on commit f5adb44

Please sign in to comment.