Re: PMFJI, but what (if anything is happening wrt crypto and us)?
Hello.
Ben Collins schrieb:
> On Thu, Jul 20, 2000 at 11:04:57AM -0400, Richard A Nelson wrote:
> > sendmail 8.11.0 was released last night (with SASL and TLS support) !
> > I packaged it last night (thankfully I've kept up with the beta/gamma).
> >
> > I can't legally package it, and have been unsuccessful in getting the
> > current 8.11.0.Beta removed from the FTP archive (also has TLS) because
> > Debian has not registered its archives with the gov.
>
> Yes, you can package it, so long as you don't link it with SSL. Note,
> openldap can also be linked with SSL and Kerberos (as do many other
> programs), but the binaries aren't linked, and can go safely into us/main.
>
[...]
>
> That support does not contain any crypto. The crypto is in the libraries
> with which it *could* be linked with. So if you don't link, then you are
> not breaking any crypto laws, whatsoever.
This worries me. We _could_ support crypto in debian, and it
_is_ an important feature for many people, so not supporting it
makes debian less valuable for them. Not compiling with crypto
support just because of export laws seems like a bad thing and a
policy violation to me.
BTW: couldn't a developer who lives in the US log into a machine
in a free country and build his packages there? No code would
ever be exported (as long as he doesn't open an editor on it),
so this should be legal IMHO, however IANAL.
ciao, 2ri
Reply to: