Re: mutt no longer in non-us?
On Mon, 15 Nov 1999, Bruce Perens wrote:
> From: Brian Ristuccia <email@example.com>
> > What has changed that allows us to distribute mutt from the US to people
> > outside of the US despite the fact that mutt is capable of integrating with
> > strong encryption software and thereby capable of performing strong
> > encryption on messages it sends?
> This would also restrict "vi" and "emacs". Each is capable of piping text
> through a random command. It would restrict the shell. It would restrict the
> kernel. It would restrict any program with source code.
> Can't help the government on this one, sorry. If they have a problem with it,
> we'll have to see them in court.
Just to make clear I'm understanding the situation; does mutt have
anything that could be interpreted as "hooks" to encryption, even if it
doesn't have crypto code as part of the package? Or are scripts &
instructions on how to add crypto to the base product provided separately
from a non-us package? If the former, unless something has changed, the
U.S. considers that a crypto product. If the latter, you're OK. That's
why vi/emacs/shells/kernels wouldn't be called crypto products, so long as
they have no direct hooks themselves to encryption routines.
Of course, if the U.S. recently said that hooks to crypto is OK, then that
would be cool too. But this "hook" business is why we can't have SSL
directives & routines in the base Apache distrib, even if we told people
to bring over OpenSSL separately.