Wanted: clarification of current non-US policy.
I've been seeing a lot posts lately discussing which CD images should be
used where, etc., especially with respect to CD images which include the
My understanding was that non-US/main had three basic classes of
in it (not necessarily exclusive classes):
crypto: Any DFSG-compliant package which implemented cryptography that
would be export-restricted from the US. (ex: ssh, gpg, pgp, ssl, etc)
patent: Any DFSG-compliant package which implemented algorithms or
techniques known to violate US patents that are not enforceable outside
of the US. (ex: GIF-encoders, MP3 encoders, implementations of RSA or
IDEA, etc). I believe it was a policy decision that patents may make a
package undistributable, but were not sufficient to make a package
non-DFSG -- the author isn't responsible for patent policy.
closure: Any DFSG-compliant package which depended upon any package in
Of these three categories, packages in "crypto" can be used freely
within the US, but not exported, but packages in "patent" cannot be
used freely within the US. This would present a problem for
distributors who were distributing the non-US/main tree in the US, even
without exporting it.
There is talk of making a single CD image, which is distributable
anywhere but is not exportable. Based on my understanding, I can see
two possible reasons for this:
I) I am mistaken about the status of the packages in the "patent"
class, and a) they are not in non-US/main and so would not end up on
the single CD image in question, or b) they aren't the problem I think
they are, and will end up on the single CD image without any legal
II) Someone has forgotten about the package in the "patent" class, and
I've just ruined their day.
So, which is it?
Buddha Buck email@example.com
"Just as the strength of the Internet is chaos, so the strength of our
liberty depends upon the chaos and cacophony of the unfettered speech
the First Amendment protects." -- A.L.A. v. U.S. Dept. of Justice