Re: WARNING: Crypto software to be included into main Debian distribution

To: Sam Hartman <hartmans@debian.org>
Cc: debian-legal@lists.debian.org
Subject: Re: WARNING: Crypto software to be included into main Debian distribution
From: Florian Lohoff <flo@rfc822.org>
Date: Sun, 24 Feb 2002 00:22:51 +0100
Message-id: <[🔎] 20020223232251.GB19326@paradigm.rfc822.org>
In-reply-to: <[🔎] tsld6ywt0x1.fsf@tir-na-nogth.mit.edu>
References: <87adu0enk3.fsf@tacitus.systems> <[🔎] 20020223185223.GD18099@paradigm.rfc822.org> <[🔎] 87pu2wc98k.fsf@tacitus.systems> <[🔎] 20020223192423.GB18791@paradigm.rfc822.org> <[🔎] tsld6ywt0x1.fsf@tir-na-nogth.mit.edu>

On Sat, Feb 23, 2002 at 03:10:02PM -0500, Sam Hartman wrote:

> Except of course that multi-step exporting is legal.  Well, is likely
> to be legal in most cases.  If I'm operating a US mirror, and you tell
> me that you're copying my mirror outside the US for the explicit
> purpose of making it available to T7, then I might care.

It is legel as long there is no knowledge of the export. But as soon
as anyone sees a mirror in one the the T7 countries we all know
of the export. How should we react. Can we track down the way
of ANY debian mirror world wide. Can we shut down or block any
of those mirrors ? If we cant (which i assume) the debian archive
itself will be immeatly polluted and is no longer usable for
any debian developer as anyone making uploads to it (with crytography)
will be held responsible for knowingly exporting it.

> I suggest that if you care you wade through the long document James
> pointed you at and it should become clear that even the US does not
> believe it can enforce US laws on non-US mirror operators exporting to
> people outside the US.

I know that there is only little chance of these laws really coming into
court. But who knows. With the scenario i described above anyone with
enough enthusiasm can make a DoS against large parts of the debian
workflow - Not technically - But legally.

More interestingly my initial point about DFSG paragraph 6 beeing 
not met with crypto in main has not been taken yet. From my
understanding we cant put crypto in main but in non-free - not by
license but by export regulations.

"Finally, you should be aware that a core set of US export controls
apply to all exports of open source cryptographic software from the
United States. In essence, these controls prohibit the export of open
source cryptographic software under License Exception TSU to
... (3) design, development, stockpiling, production or use of
nuclear, chemical or biological weapons or missiles."

Flo
-- 
Florian Lohoff                  flo@rfc822.org             +49-5201-669912
Nine nineth on september the 9th              Welcome to the new billenium

Attachment: pgpr94TYjbb7J.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: WARNING: Crypto software to be included into main Debian distribution
  - From: Sam Hartman <hartmans@MIT.EDU>

References:
- Re: WARNING: Crypto software to be included into main Debian distribution
  - From: Florian Lohoff <flo@rfc822.org>
- Re: WARNING: Crypto software to be included into main Debian distribution
  - From: James Troup <james@nocrew.org>
- Re: WARNING: Crypto software to be included into main Debian distribution
  - From: Florian Lohoff <flo@rfc822.org>
- Re: WARNING: Crypto software to be included into main Debian distribution
  - From: Sam Hartman <hartmans@debian.org>

Prev by Date: Re: WARNING: Crypto software to be included into main Debian distribution
Next by Date: Re: WARNING: Crypto software to be included into main Debian distribution
Previous by thread: Re: WARNING: Crypto software to be included into main Debian distribution
Next by thread: Re: WARNING: Crypto software to be included into main Debian distribution
Index(es):
- Date
- Thread