On Fri, Mar 09, 2001 at 11:59:38PM -0500, Brian Ristuccia wrote: > * Evan Prodromou <evan@debian.org> [010305 18:46]: > > My problem is that I'm a US citizen. I think, as far as I can tell, > > that it's legal for me to upload this code to a non-US server. > > It is, provided you mail a copy of the software or the public address > where > you will be posting it to crypt@bxa.doc.gov before you upload. I've > proposed > a modification to dupload that would let you automagically send the > package > itself to a list of addresses at upload time. (It's too difficult to > reliably tell what the ultimate location is going to end up being due > to > mirroring, potential future changes to dinstall, etc.) I wish people would be more careful with this. A lot of people (myself included) feel that the government is very likely to attempt to revert to its former policies regarding crypto technology exports. My fears grew with a recent little propaganda campaign that they ran, reporting to several major U.S. newspapers that strong crypto is what's allowing terrorists like Ossama bin Laden to continue to get away with stuff that he's doing. Remember that no laws have changed in the U.S. It was merely an executive decision by the Clinton administration that altered the policy regarding export of strong crypto. There's no indication that the new administration supports the new policy at all, and considering some of the characters involved, there is reason to suspect the opposite. > It used to be prohibited for people in the US to upload crypto capable > software to non-us, but I don't think this is the case any longer. > Recently, > I've even seen growing consensus that it's OK to upload crypto > software to > main provided you make the bxa notification before you upload. Crypto > and > crypto hooks already in main includes Netscape 4, mutt, and the soon > to be > uploaded Mozilla 0.8 package. Groups like FreeS/WAN and OpenBSD still don't allow crypto development by U.S. citizens. I don't necessarily propose that Debian takes such a stance, but I *really* don't think it's a good idea to allow crypto in main. If the government policy does change after we've integrated crypto with main then we've got a big mess to deal with and it will take a lot of work to get things back to a legal state. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
Attachment:
pgpjBy4Negvhc.pgp
Description: PGP signature