[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#128666: Depending on non-US libs



On Sat, Jan 26, 2002 at 09:44:04PM -0600, Adam Majer wrote:

> On Sat, Jan 26, 2002 at 06:05:33PM -0500, Matt Zimmerman wrote:
> > 1. Leave the dependencies as determined by the shlibs file from libcurl,
> >    which says that either libcurl or libcurl-ssl is OK, and upload to main.
> >    There is nothing in ARIS Extractor which could even be considered a hook
> >    to something definitively cryptographic, so this should be legal, yes?
> >    Of course, the software would not be useful without libcurl-ssl, and that
> >    is undesirable.
> 
> I'm not sure but packages that link against libraries like SSL use encription
> implicitly. Since source doesn't contain crypto, then I guess a fairly safe
> bet is to UL source only and let autobuilder to build all these things.

That's the thing; it isn't linked against libssl, it only links against
libcurl.  There are two compatible libcurl versions available in Debian,
with and without SSL, so I don't thitk that it can be said that it even has
references to crypto.

> > 2. Depend on libcurl-ssl only and upload to non-US.  Is this legal? (I am in
> >    the US, but ARIS Extractor contains no crypto)
> 
> Anyone can UL to non-us. IMHO at least.

If I were to upoad crypto to non-us.debian.org, that would be considered
export.  I believe that it has now been established that this kind of export
is acceptable for Debian, once we implement some technical measures.

If that process were complete, this discussion would be moot.  Does anyone
know who (if anyone) is working on implementing these measures?

-- 
 - mdz



Reply to: