Re: WARNING: Crypto software to be included into main Debian distribution
Walter Landry <wlandry@ucsd.edu> writes:
> tb@becket.net (Thomas Bushnell, BSG) wrote:
> > "You might consider" is a far cry from "you must". I don't think you
> > understand how lawyers give recommendations.
>
> Are you suggesting that Debian not do those things? Is Debian going
> to distribute crypto without doing reverse IP lookups and without the
> use restrictions?
The use restrictions are contrary to our own existing policies, so we
can't take that recommendation. I would not object to the reverse IP
lookups, but if it's any real hassle, we could drop that too.
> What Debian does now is that it distributes all crypto stuff from
> servers outside of the US. If Debian distributes from the US, then it
> has to have a policy that official mirrors are not allowed in the T7.
> That is a significant change. Some people will think that it is worth
> it. Some will not.
Right. At the moment we have an *absolute* policy against mirrors in
the US--which hurts us in a jillion ways. We can easily replace that
with something much looser, and simply not advertise or go out of our
way to support any mirrors that might exist in T7 countries.
> By distributing crypto from the US, Debian ties its hands in a
> different way that they are currently tied. My point is that the new
> restrictions on how Debian operates are not trivial. I don't
> necessarily think that the best thing for Debian is to put crypto in
> main at all costs. We have a genuine, bona-fide legal opinion on what
> Debian would have to do in order to distribute crypto from the US. We
> now have to decide whether we should do it.
Right. But that legal opinion does not say that reverse IP lookups
are a *requirement*, nor does it say that a usage restriction is a
*requirement*.
Thomas
Reply to: