[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: unofficial mozilla 0.8 deb

On Fri, Mar 09, 2001 at 06:04:59PM -0700, John Galt wrote:
> This issue has been done to death.  Basically, there's a notification
> requirement in the BXA rules.  Nobody that can do it wants to, and nobody
> that wants to do it can.

yes, there's a notification requirement.  i pointed that out in the message
you quoted (btw, there was no need to quote the entire message for a 3 line

> >as i understand the new (actually year old) US crypto rules, for open
> >source / public domain / free software programs, all you have to do
> >is notify the US government that you're exporting it and tell them
> >where/how.
> >
> > [...rules excerpt deleted...]
> >
> >an update in October 2000 clarified the matter even further, points out
> >that the exemption also covers binaries compiled from open source, and
> >even provides an email address to send the written notifications to:
> >
> > [...upate excerpt deleted...]
> >
> >that's a pretty clear statement that it's OK to export open source
> >crypto just by notifying the US government in writing.

what's the problem?  this is a minor annoyance, not a show-stopper.

ok, it's not perfect but it's doable. it could even be automated...it
would be trivial to add an optional "Crypto-Notification: yes" flag
to the debian/control file which could be read by dinstall to send an
automated notification whenever a new crypto package is uploaded.  it would
be up to the maintainer to add the control line.

alternatively, we're only talking about a couple of dozen crypto
packages so it's probably simpler to just maintain a text file list
of crypto packages - dinstall could read that and send a notification
message whenever a notifiable package is uploaded. creation of new
crypto packages would have to be co-ordinated with whoever maintains
that list....that's not a lot of work.

for fun (and the chance to win an all expenses paid vacation to a
maximum security cell block), the script could sign the notificiation
message as "Mr T. Errorist, Libya" :-)


craig sanders <cas@taz.net.au>

      GnuPG Key: 1024D/CD5626F0 
Key fingerprint: 9674 7EE2 4AC6 F5EF 3C57  52C3 EC32 6810 CD56 26F0

Reply to: