Re: Debian Crypto in Main document...
>>"Raul" == Raul Miller <firstname.lastname@example.org> writes:
Raul> My first thought, on reading this, is: Do we care about stability?
Raul> If U.S. laws or regulations are likely to change significantly (because
Raul> of constitutional challenges, lobbying, etc.) do we care? If so, what
Raul> kinds of likely changes do we care about? [Does it matter to us if the
Raul> legal climate on cryptography requiers us to change our crypto policy
Raul> a couple times every year?]
It matters from a viewpoint of administering the archives,
the upload queues, etc. Suppose we merge the two archives, and
then. as you put it, the cryptographic climate changes. Would there
be any liability? We would still need to remove the software from the
master site, and would have to hasten to remove it from sites which
replicate the software repository (mirrors). CD vendors may be
hesitant to offer Debian in bulk if ever their inventory is deemed
illegal. We would have to reinstitute any dismantled upgrade and
autobuild processes that were obsoleted when we moved all crypto
software into main.
Upgrade paths may be compromised by the vacillation. Indeed,
depending on how far the integration of crypto spreads into software
that has traditionally not had crypto, and thus been in main,
reverting may cause enough of software to have to go to non-us/main
that the distribution left in main would be crippled.
>> As with all operating system vendors, Debian needs to include
>> cryptographic software. This software provides security, allows
>> users to engage in Internet commerce, and accomplishes other tasks
>> requiring cryptography. Today, this software is stored on a server
>> outside the United States. Currently Debian takes no measures to
>> assist US developers in following export control regulations if
>> they upload software to the non-US archive or to prevent them from
>> uploading software. We would like to move cryptographic software from
>> the server outside the US onto our main server in the US.
Raul> Would some of the reasons why we want this matter to a legal person?
Usability: with the increasing networked nature of the work, and the
fact that more and more critical functions are being placed on
computing platforms, and the unfortunate growth of mischief and
deliberate malice, security is going to be increasingly
important. Cryptography is an important corner stone of a number of
security processes. Any OS that does not make an effort to seamlessly
integrate cryptography is unlikely to be competitive.
Putting all software on a single source, and the corresponding
ability to create a single set of CD's that have integrated
cryptographic support makes it easier for the users, makes it easier
for CD vendors, simplifies the task of developers uploading software
to these sites, and simplifies the task of replicating the software
repositories on the internet.
Whether you can hear it or not, The Universe is laughing behind your
back. National Lampoon, "Deteriorata"
Manoj Srivastava <email@example.com> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C