Depending on non-US libs
As I understand it, software which links with crypto libs must (still) be
uploaded to non-US. I have packaged the ARIS Extractor from SecurityFocus,
which links with libcurl to perform an HTTPS POST request. Though it seems
to run fine with non-SSL libcurl, it cannot fulfill its intended purpose
without SSL support.
Should I:
1. Leave the dependencies as determined by the shlibs file from libcurl,
which says that either libcurl or libcurl-ssl is OK, and upload to main.
There is nothing in ARIS Extractor which could even be considered a hook
to something definitively cryptographic, so this should be legal, yes?
Of course, the software would not be useful without libcurl-ssl, and that
is undesirable.
2. Depend on libcurl-ssl only and upload to non-US. Is this legal? (I am in
the US, but ARIS Extractor contains no crypto)
3. Hand off the package to someone in the free world
?
--
- mdz
Reply to: