Re: silly socks5 copyright

To: adrian.bridgett@zetnet.co.uk
Cc: Debian Developers List <debian-devel@lists.debian.org>
Subject: Re: silly socks5 copyright
From: gsstark@mit.edu (Gregory S. Stark)
Date: 24 Jul 1998 00:11:26 -0400
Message-id: <[🔎] ycq4sw728i9.fsf@portY23.lanzen.net>
In-reply-to: Adrian Bridgett's message of "Thu, 23 Jul 1998 23:18:07 +0100"
References: <[🔎] 19980723231807.A5320@wyvern>

Adrian Bridgett <adrian.bridgett@zetnet.co.uk> writes:

> XX6.  You agree and certify that the Software will not be exported outside 
> XX    the United States except as authorized and as permitted by the laws 
> XX    and regulations of the United States.  If the Software have been 
> XX    rightfully obtained outside of the United States, you agree that you 
> XX    will not re-export the Software, except as permitted by the laws and 
> XX    regulations of the United States and the laws and regulations of the 
> XX    jurisdiction in which you obtained the Software.

> All the bits marked XX mean non-free, the export restrictions only apply if
> Kerberos support is compiled in (at least that's what I believe). It's not
> because I can't get Kerberos here.  There were no stern warnings on the site
> (which you would expect if it was a problem without Kerberos).

First of all, you can too get Kerberos. There's even a Kerberos package now in
non-us. The package is built from source from Sweden which was originally
based on the eBones edition of MIT Kerberos. It's a long story.

But I'm confused. They're exporting the source. If the source is legal to
export then binaries should certainly be legal to export too. The choice is:
If the source has hooks specifically for encryption then both it and binaries
would be unexportable; If the source has hooks only for authentication then
the binaries are certainly exportable and Gilmore claims the source is too.

I suppose it would matter for derivative versions. It means the license
prohibits you from making a derivative version with encryption hooks and then
exporting that version in violation of the US regulations.

So if you compile it with the non-us kerberos and it only does authentication,
then I don't believe you or we are violating the US regulations. (Actually I'm
not sure what it means for a UK citizen in the UK to violate US regulations.)

If it encrypts data (ie not just for authentication) then they're already
violating the export regulations. Whether can be said to be violating the
regulations by exporting it from the UK isn't clear to me. If so then doing so
may violate the license.

greg

--  
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- silly socks5 copyright
  - From: Adrian Bridgett <adrian.bridgett@zetnet.co.uk>

Prev by Date: Archive Restructuring - Introduction
Next by Date: Re: A simple mistake (was Re: Should we ship KDE in hamm?)
Previous by thread: Re: silly socks5 copyright
Next by thread: Re: silly socks5 copyright
Index(es):
- Date
- Thread