[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Crypto in Main document...

>>"Raul" == Raul Miller <moth@debian.org> writes:

 Raul> My first thought, on reading this, is: Do we care about stability?
 Raul> If U.S. laws or regulations are likely to change significantly (because
 Raul> of constitutional challenges, lobbying, etc.) do we care?  If so, what
 Raul> kinds of likely changes do we care about?  [Does it matter to us if the
 Raul> legal climate on cryptography requiers us to change our crypto policy
 Raul> a couple times every year?]

	It matters from a viewpoint of administering the archives,
 the upload queues, etc. Suppose we merge the two archives, and
 then. as you put it, the cryptographic climate changes. Would there
 be any liability? We would still need to remove the software from the
 master site, and would have to hasten to remove it from sites which
 replicate the software repository (mirrors).  CD vendors may be
 hesitant to offer Debian in bulk if ever their inventory is deemed
 illegal. We would have to reinstitute any dismantled upgrade and
 autobuild processes that were obsoleted when we moved all crypto
 software into main. 

	Upgrade paths may be compromised by the vacillation. Indeed,
 depending on how far the integration of crypto spreads into software
 that has traditionally not had crypto, and thus been in main,
 reverting may cause enough of software to have to go to non-us/main
 that the distribution left in main would be crippled.

 >> As with all operating system vendors, Debian needs to include
 >> cryptographic software. This software provides security, allows
 >> users to engage in Internet commerce, and accomplishes other tasks
 >> requiring cryptography. Today, this software is stored on a server
 >> outside the United States. Currently Debian takes no measures to
 >> assist US developers in following export control regulations if
 >> they upload software to the non-US archive or to prevent them from
 >> uploading software. We would like to move cryptographic software from
 >> the server outside the US onto our main server in the US.

 Raul> Would some of the reasons why we want this matter to a legal person?

	Well, ok. 
 Usability: with the increasing networked nature of the work, and the
 fact that more and more critical functions are being placed on
 computing platforms, and the unfortunate growth of mischief and
 deliberate malice, security is going to be increasingly
 important. Cryptography is an important corner stone of a number of
 security processes. Any OS that does not make an effort to seamlessly
 integrate cryptography is unlikely to be competitive.

 Putting all software on a single source, and the corresponding
 ability to create a single set of CD's that have integrated
 cryptographic support makes it easier for the users, makes it easier
 for CD vendors, simplifies the task of developers uploading software
 to these sites, and simplifies the task of replicating the software
 repositories on the internet. 


 Whether you can hear it or not, The Universe is laughing behind your
 back. National Lampoon, "Deteriorata"
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: