[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PMFJI, but what (if anything is happening wrt crypto and us)?

Ben Collins <bcollins@debian.org> writes:

> Yes, you can package it, so long as you don't link it with SSL. Note,
> openldap can also be linked with SSL and Kerberos (as do many other
> programs), but the binaries aren't linked, and can go safely into us/main.

I have to ask: there is a difference between statically and
dynamically linking.  If it is being dynamically linked, Mr. Nelson is
not exporting any encryption technology from the USA, and neither is
Debian.  It has already been established that "hooks" (in the form of
system() calls to PGP/GPG or whatever) are legal and valid, so I see
no reason why this should not be.

However, it brings up a technical issue in that the internal integrity
of the dependency tree of main would be compromised.  I don't know of
a good answer to that one, unless someone comes up with a "libunssl"
or something.

> That support does not contain any crypto. The crypto is in the libraries
> with which it *could* be linked with. So if you don't link, then you are
> not breaking any crypto laws, whatsoever.

I would say the same if you do link dynamically.

> Ben
> -- 
>  -----------=======-=-======-=========-----------=====------------=-=------
> /  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
> `  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '
>  `---=========------=======-------------=-=-----=-===-======-------=--=---'
> -- 
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

John Goerzen <jgoerzen@complete.org>                       www.complete.org
Sr. Software Developer, Progeny Linux Systems, Inc.    www.progenylinux.com
#include <std_disclaimer.h>                     <jgoerzen@progenylinux.com>

Reply to: