Re: unofficial mozilla 0.8 deb

To: John Galt <galt@inconnu.isu.edu>
Cc: Sampo Niskanen <sampo.niskanen@iki.fi>, debian-devel@lists.debian.org, debian-legal@lists.debian.org
Subject: Re: unofficial mozilla 0.8 deb
From: Craig Sanders <cas@taz.net.au>
Date: Sat, 10 Mar 2001 13:47:07 +1100
Message-id: <[🔎] 20010310134707.Z16199@taz.net.au>
Mail-followup-to: John Galt <galt@inconnu.isu.edu>, Sampo Niskanen <sampo.niskanen@iki.fi>, debian-devel@lists.debian.org, debian-legal@lists.debian.org
In-reply-to: <[🔎] Pine.LNX.4.32.0103091800160.3438-100000@inconnu.isu.edu>; from galt@inconnu.isu.edu on Fri, Mar 09, 2001 at 06:04:59PM -0700
References: <[🔎] 20010309162503.N16199@taz.net.au> <[🔎] Pine.LNX.4.32.0103091800160.3438-100000@inconnu.isu.edu>

On Fri, Mar 09, 2001 at 06:04:59PM -0700, John Galt wrote:
> 
> This issue has been done to death.  Basically, there's a notification
> requirement in the BXA rules.  Nobody that can do it wants to, and nobody
> that wants to do it can.

yes, there's a notification requirement.  i pointed that out in the message
you quoted (btw, there was no need to quote the entire message for a 3 line
reply):

> >as i understand the new (actually year old) US crypto rules, for open
> >source / public domain / free software programs, all you have to do
> >is notify the US government that you're exporting it and tell them
> >where/how.
> >
> > [...rules excerpt deleted...]
> >
> >an update in October 2000 clarified the matter even further, points out
> >that the exemption also covers binaries compiled from open source, and
> >even provides an email address to send the written notifications to:
> >
> > [...upate excerpt deleted...]
> >
> >that's a pretty clear statement that it's OK to export open source
> >crypto just by notifying the US government in writing.

what's the problem?  this is a minor annoyance, not a show-stopper.

ok, it's not perfect but it's doable. it could even be automated...it
would be trivial to add an optional "Crypto-Notification: yes" flag
to the debian/control file which could be read by dinstall to send an
automated notification whenever a new crypto package is uploaded.  it would
be up to the maintainer to add the control line.

alternatively, we're only talking about a couple of dozen crypto
packages so it's probably simpler to just maintain a text file list
of crypto packages - dinstall could read that and send a notification
message whenever a notifiable package is uploaded. creation of new
crypto packages would have to be co-ordinated with whoever maintains
that list....that's not a lot of work.

for fun (and the chance to win an all expenses paid vacation to a
maximum security cell block), the script could sign the notificiation
message as "Mr T. Errorist, Libya" :-)

craig

--
craig sanders <cas@taz.net.au>

      GnuPG Key: 1024D/CD5626F0 
Key fingerprint: 9674 7EE2 4AC6 F5EF 3C57  52C3 EC32 6810 CD56 26F0

Reply to:

Follow-Ups:
- Re: unofficial mozilla 0.8 deb
  - From: Nick Moffitt <nick@zork.net>
- Re: unofficial mozilla 0.8 deb
  - From: Greg Stark <gsstark@mit.edu>

References:
- Re: unofficial mozilla 0.8 deb
  - From: Craig Sanders <cas@taz.net.au>
- Re: unofficial mozilla 0.8 deb
  - From: John Galt <galt@inconnu.isu.edu>

Prev by Date: Re: unofficial mozilla 0.8 deb, autonotification in dupload
Next by Date: Re: US Maintainer Putting Package on non-US
Previous by thread: Re: unofficial mozilla 0.8 deb, autonotification in dupload
Next by thread: Re: unofficial mozilla 0.8 deb
Index(es):
- Date
- Thread