
Re: need decision on packages with crypto hooks



Bruce:
> I think we should continue to include hooks for encryption programs in mail
> agents, etc., and handle the encryption as we have been up to now -

From: Klee Dienes <klee@mit.edu>
> Do you mean for this to include programs that can dynamically link
> against encryption libraries such as kerberos or GSSAPI?
> There are a number of packages (such as Zephyr, Discuss, OLC,
> fetchmail, and even telnet) that I would like to see us distribute
> with support for Kerberos and other encryption mechanisms.

I'm copying this back to debian-devel, as it's of general interest.

It's fine as long as there are stub libraries and no real encryption
software distributed with the applications. The fact is that we are
already as vulnerable as we can be to prosecution - we provide source
code for all programs, and the compilers used to build them, and they
can be easily modified to use encryption in moments once they are
exported. We also provide the dangerous and sinister pipe(2) system
call, which is a hook that can be used to connect almost any program
to a cryptography system.

It just doesn't look enforceable. When someone is successfully prosecuted
then I'll worry.

	Bruce
-- 
Bruce Perens K6BP   Bruce@Pixar.com   510-215-3502
Finger bruce@master.Debian.org for PGP public key.
PGP fingerprint = 88 6A 15 D0 65 D4 A3 A6  1F 89 6A 76 95 24 87 B3 

