Re: need decision on packages with crypto hooks
Christian Schwarz wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Hi Daniel!
>
> There was a long discussion about "packages with crypto hooks" without a
> result. J.H.M.Dassen, the maintainer of mutt, asked me as Policy Manager
> to make that decision but I don't think I'm authorative for this.
>
> Note that I don't really want to start the discussion again.
>
> Here are the details:
>
> References:
> * Bug #7257
> * Thread "copyright/export issues for mailers with pgp hooks (bug #7257)"
> in debian-devel
>
> The problem:
> * The US law "ITAR" restricts export of crypto software.
> * It is unclear to all developers so far if this law applies to "crypto
> programs" only or to programs with "crypto hooks" (i.e. support/interface
> to crypto programs) too.
> * Example 1: NCSA or Mosaic (the developer didn't know) took PGP hooks
> our of their httpd.
> * Example 2: mutt's author don't want to export these hooks out of the
> US--but someone else did accidentially.
>
> Packages affected:
> * most (if not all) email programs (elm, mutt, pinepgp, mh, etc.)
> * other programs with email capabilities (emacs, etc.)
> * other programs with crypto hooks (perl with PGP i/f?, etc.)
>
> I see the following options:
>
> 1. We find a US-lawyer that can assure us that exporting the hooks only
> is not a problem. We could leave the packages on the master site (and move
> mutt from non-us to master) then.
> ==> Everything would be easy for us and also for the users, but we risk
> of having to fight for our decision (i.e. if a court doesn't believe us).
> I'm not sure if this is appropriate.
>
I've got a friend at the NSA. I'll ask he knows the person(yes it's
just one) that has the final approval rights.
I'll email again as soon as I get a response.
L8r -- Greg.
--
Greg Vence | Debian GNU Linux
KH2EA/4 | Diamond 2000 (7npw 4cpw)
gvence@ix.netcom.com | There is time for what's important
Reply to: