Re: WARNING: Crypto software to be included into main Debian distribution
- To: debian-legal@lists.debian.org
- Subject: Re: WARNING: Crypto software to be included into main Debian distribution
- From: Walter Landry <wlandry@ucsd.edu>
- Date: Fri, 01 Mar 2002 13:26:14 -0800 (PST)
- Message-id: <[🔎] 20020301.132614.71081301.wlandry@ucsd.edu>
- In-reply-to: <20020301025550.GA1341@azure.humbug.org.au>
- References: <20020228072601.GA32277@azure.humbug.org.au> <20020228.133009.41625901.wlandry@ucsd.edu> <20020301025550.GA1341@azure.humbug.org.au>
Anthony Towns <aj@azure.humbug.org.au> wrote:
> And frankly, no, you _can't_ export code and say "Do whatever you want
> with it" in that sense: you can't export gcc to a T7 country and tell
> them, "go ahead, use it to build a nuclear arsenal".
Excuse me? Why can't I do that? There are no export restrictions on
software like gcc. There is for hydrodynamic simulation codes (oddly
enough, you can't give them to North Korea, but Iraq seems fine) and
crypto, but not for compilers. I am free to give them the code and
tell them (to quote Theo De Raadt) to use it "for any purpose they
wish to use it, including modification, use, peeing on, or even
integration into baby mulching machines or atomic bombs to be dropped
on Australia."
> > If the software was only made available to US citizens, then there
> > would be no issue. However, how do you think that the non-US mirrors
> > get their copies?
>
> By mirroring it, legally, from the US. What they do from then on is a
> matter for copyright treaties and local laws.
>
> I realise equivalence transformations and transitivity are things we're
> used to using in logical analysis, but they just do not apply in this
> case. That's why we went and got legal advice from a lawyer instead of
> just making it up on our own.
The lawyer was actually unclear as to whether overseas official
mirrors should do IP lookups and include a EULA. He treated Debian as
a single entity. He did make it clear that overseas non-official
mirrors do not have to do reverse-IP lookups and include a EULA.
> Well, I'm sorry, but unless you're a trained lawyer, you just don't
> have any credibility on the matter. The law is a complicated thing, and
> when we've got an expert's considered opinion contradicting an amateur's
> take on events, well, it's obvious which one we're going with. Further,
> since you're not a developer and generally have utterly no stake in this,
> there's no point arguing moral justifications or whether this is really
> "free" or other pointless hogwash.
Actually, I would be very interested if you could point out where I am
contradicting the expert advice. I certainly don't see anywhere in
the lawyers opinion where it says that the nuke related stuff is not a
use restriction. He did suggest a EULA which clearly had a use
restriction. I don't think he generally worries about that sort of
thing.
> It's funny how that happens when you spend, what, over ten months working
> on getting competent advice on an important issue, to have twits decide
> that, no, the advice is wrong and really it's more important to be able
> to have an official ftp.iq.debian.org than to have crypto usable.
Perhaps if the letter from the lawyer had been posted to the
appropriate venue when Debian got it (way back in July), then you
wouldn't be so upset that people are talking about it. We might then
have had more time to get clarifications about these issues. Don't
blame me if a lack of transparency is causing you heartburn.
Regards,
Walter Landry
wlandry@ucsd.edu
Reply to: