Re: crypto in non-free

To: Ben Reser <ben@reser.org>
Cc: debian-legal@lists.debian.org
Subject: Re: crypto in non-free
From: Ian Beckwith <ianb@nessie.mcc.ac.uk>
Date: Sat, 7 Feb 2004 18:30:40 +0000
Message-id: <[🔎] 20040207183040.A50035@nessie.mcc.ac.uk>
In-reply-to: <[🔎] 20040202064745.GG25614@occipital.brain.org>; from ben@reser.org on Sun, Feb 01, 2004 at 10:47:45PM -0800
References: <20040131130217.B23263@nessie.mcc.ac.uk> <[🔎] 20040201221429.GA24681@stonewall> <[🔎] 20040202064745.GG25614@occipital.brain.org>

On Sun, Feb 01, 2004 at 10:47:45PM -0800, Ben Reser wrote:
> The TSU license exception is defined in §740.13 of the EAR which
> references §734.3(b)(3) and further references §734.7 and §734.10 which
> does not use the term public domain.  Nor does it require that the
> software not have usage restrictions on it.  The standard used is that
> the technology (not necessarily the source code) is publically
> available.
> 
> In fact it specificaly mentions information published in patent
> applications (provided it follows some certain rules).  Essentially the
> patent has to be a applied for by a foreigner inventor, or filed in a
> foreign patent by a US inventor.  It's difficult to ensure that a crypto
> tool qualifies under the patent exception because it requires some foot
> work tracking down the origin of the technology and possibly foreign
> patents.
> 
> However, the existence of a patent does not disqualify the license
> exception.  It's simply one of the possible methods of qualifying for
> it.
> 
> You can read them here:
> http://w3.access.gpo.gov/bis/ear/ear_data.html

I've been staring intermittently at those regulations for the last few
days, and I feel like my IQ has lost 20 points.

> Everything Debian distributes in main would qualify for the TSU
> exception because the DFSG is a subset of the EAR definition of
> publically available.
> 
> The problem with non-free is that some things in it may not meet the
> definition of publically available.  For instance a tool that didn't
> include the source code would not qualify, even if the binaries are
> freely distributable.

There are currently only 2 packages in non-US/non-free, rsaref2 and
pgp5i.  Both have source available. If it is the RSA patent that is
keeping them in non-US/non-free, hasn't that expired?

ckermit (which is why I asked the question in the first place) also has
source available. 

So, unless there are other problems which I missed (highly likely),
could all three go into non-free?

I realise as it is non-free debian might not want to bother with the
effort of BXA/BIS/EAR/whatever registration.

Thanks,

Ian.

-- 
Ian Beckwith - ianb@nessie.mcc.ac.uk - http://nessie.mcc.ac.uk/~ianb/
GPG fingerprint: AF6C C0F1 1E74 424B BCD5  4814 40EC C154 A8BA C1EA
Listening to: Portishead - A Tribute to Monk and Canatella

Reply to:

References:
- Re: crypto in non-free
  - From: "Brian M. Carlson" <sandals@crustytoothpaste.ath.cx>
- Re: crypto in non-free
  - From: Ben Reser <ben@reser.org>

Prev by Date: Re: Fwd: [Politech] California DeCSS case eventually, finally, over [ip]
Next by Date: Bug#231603: Licence problem in /etc/amavis-ng/amavis.conf
Previous by thread: Re: crypto in non-free
Next by thread: Re: XFree86 license difficulties
Index(es):
- Date
- Thread