Re: US-only packages (Re: Intent to package hesiod)

To: jk@espy.org (Joel Klecker)
Cc: debian-devel@lists.debian.org
Subject: Re: US-only packages (Re: Intent to package hesiod)
From: Bear Giles <bgiles@dimensional.com>
Date: Mon, 11 May 1998 16:04:41 -0600 (MDT)
Message-id: <[🔎] 199805112204.QAA29824@flatland.dimensional.com>
In-reply-to: <v04003a31b17bd0470222@[206.163.71.146]> from Joel Klecker at "May 11, 98 02:22:01 pm"

> Hmm... I think it needs to be determined how (or if) Debian should handle
> export restricted packages.
> 
> I personally feel that we should take the {Net,Free}BSD approach, which is
> to put export restricted files in a separate directory, and display a
> disclaimer to the effect that "files in this directory may be export
> restricted by US regulations, it is your responsibility not to export these
> files. Debian and the operator of this site cannot be held responsible for
> potential export of these files" upon login, and also when entering the
> directory.

This is a murky area where the government (correction: some parts
of the government) are clearly unwilling to play fair.   The classic
example is the professor who was told to take down the online notes
to his cryptology class because of the ITAR regulations.  The paper
notes, it must be noted, could be legally mailed to anywhere in the
world that the US can send *any* mail.  The professor sued, was
apparently about to win his case, and the government suddenly transfered
responibility for cryptographic ITAR enforcement to a different
agency.  Sor-ry, but you must restart your suit from ground zero
professor!

The harassment of Phil Zimmermann is another cautionary tale.
An investigation was undoubtly justified, under the regulations,
but the hounding he suffered was ridiculous (IMHO).

Personally, I would suggest the MIT approach.  Require people to
take deliberate affirmative actions to assert their right to access
the code.  (E.g., click on four HTML forms to prove legal status.)
Log the results.  If the answers are all affirmative, point them
to a hidden directory with the goodies stashed inside.  And, in
case that's too much bother, remind them on the top page that
the same material can be freely *imported* into the US from the
following sites.... :-)

Bear Giles
bear@coyotesong.com

P.S. I did get a working Kerberos 5 server installed last night.
The existing documentation is... misleading.  Commands have been
renamed, etc.  I'm starting to work on some documentation on
what needs to be done to get it to work, but an automatic installation
script on a system like mine (with xinetd, etc.) is far beyond
my current packaging skills as anyone whose looked at the Hesiod 
package will confirm. :*)


--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: US-only packages (Re: Intent to package hesiod)
  - From: sjc@gis.net

References:
- US-only packages (Re: Intent to package hesiod)
  - From: Joel Klecker <jk@espy.org>

Prev by Date: Re: Bug#22286: fvwm2: menu icons use too many colors in 8-bit mode (fwd)
Next by Date: Re: New APT version
Previous by thread: US-only packages (Re: Intent to package hesiod)
Next by thread: Re: US-only packages (Re: Intent to package hesiod)
Index(es):
- Date
- Thread