From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Dominik Csapak <d.csapak@proxmox.com>,
Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Shan Shaji <s.shaji@proxmox.com>
Subject: Re: [pve-devel] [PATCH pve_flutter_frontend v2] chore: ios: add export compliance key to info.plist
Date: Fri, 26 Sep 2025 11:51:17 +0200 [thread overview]
Message-ID: <57578ffc-d91c-49b9-a2ac-9d53f1b29d93@proxmox.com> (raw)
In-Reply-To: <f1ccba2c-8d53-4673-b1d0-f6194176db9f@proxmox.com>
Am 26.09.25 um 11:21 schrieb Dominik Csapak:
> I'm not a lawyer, but are you sure we are compliant with this?
>
> the https client will use encryption, so it's not like we don't use
> encryption at all. (Especially with the cupertino_http package)
We use it, but we do not implement it, which is the key point
here.
> I guess this is exempt, but having some reference for that (aside
> some medium/reddit post) would be nice.
>
> At least some kind of rationale in the commit would be good.
> (IMHO 'we don't use proprietary encryption' is not a good reason
> when also 'standard encryption' falls under the export regulation...)
>
> @Thomas, what do you think?
We basically only need to check if any of the used dependencies
implements the (lower level) encryption that HTTPS builds upon
themselves, compared to using the platform libraries for that.
And doing so would be good in any case, which would be an actual
blocker for us anyway, i.e. independent of legal compliance with
app stores, as that needs to be thoroughly vetted then, and even
if we could to that (which I don't think we got the capacity to
thoroughly do for this, especially considering the ROI here),
would still need other to feel somewhat confident.
I quickly checked cupertino_http [0], and from what I saw it uses
only iOS platform native interfaces for TLS and the like, if that
holds true (please check closer), we would be indeed compliant and
can indeed signal this through setting ITSAppUsesNonExemptEncryption
flag to false.
[0]: https://github.com/dart-lang/http/tree/master/pkgs/cupertino_http/lib/src
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
prev parent reply other threads:[~2025-09-26 9:51 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-25 12:32 Shan Shaji
2025-09-26 9:21 ` Dominik Csapak
2025-09-26 9:51 ` Thomas Lamprecht [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57578ffc-d91c-49b9-a2ac-9d53f1b29d93@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=d.csapak@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
--cc=s.shaji@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox