Re: Squeak in Debian?

To: debian-legal@lists.debian.org
Subject: Re: Squeak in Debian?
From: Walter Landry <wlandry@ucsd.edu>
Date: Wed, 28 Apr 2004 21:29:41 -0400 (EDT)
Message-id: <[🔎] 20040428.212941.59461107.wlandry@ucsd.edu>
In-reply-to: <[🔎] E1BIvDQ-0002EA-00@logrus.dnsalias.net>
References: <[🔎] E1BIDkh-0008RQ-00@logrus.dnsalias.net> <[🔎] 20040428.005114.74745064.wlandry@ucsd.edu> <[🔎] E1BIvDQ-0002EA-00@logrus.dnsalias.net>

"Lex Spoon" <lex@cc.gatech.edu> wrote:
> 
> > > > > I do not understand your issue about locality.  The business in question
> > > > > is us, Debian.  We already have a distribution server at Berkeley, so we
> > > > > already need to evaluate and comply with the laws of northern
> > > > > California.
> > > > 
> > > > The CD distributors are not part of SPI, the non-profit that holds
> > > > title to the vast resources of Debian.  In addition, the Debian
> > > > mirrors only look at local law when evaluating whether to mirror
> > > > Debian.  They don't look up Northern California law.
> > > 
> > > The individual CD distributors should not be automatically distributing
> > > non-free stuff.  Thus I still do not see the issue.
> > > 
> > > It seems like our non-free infrastructure already needs to obey US
> > > export law, so I do not see the issue with us meeting that license
> > > condition.
> > 
> > non-free is not part of the bxa notification scheme, because the bxa
> > notifications is only available for certain type of software of which
> > main is a subset.  So there are still packages in non-us/non-free.
> > 
> 
> I don't see why BXA notification would be required for Squeak nowadays. 
> It used to have some secure hashing functions in there such as MD5 and
> SHA, but I just searched and those seem to be in a separate package
> nowadays.  People who want crytopgraphy routines in Squeak must now
> download them separately from "SqueakMap".

If there is nothing export controlled in Squeak, then the export
control clause won't cause any problems with it going into non-free.
However, that still doesn't solve the enhanced liability for the
mirrors.  That _is_ a basic distributability issue.

<snip>
> 	"In particular, but without limitation, the Apple Software may not be
> exported or reexported (i) into (or to a national or resident of) any
> U.S. embargoed country or (ii) to anyone on the U.S. Treasury
> Department's list of Specially Designated Nationals or the U.S.
> Department of Commerce's Table of Denial Orders. "
> 
> The "in particular" implies that this is a normal export regulation for
> the US.  Does anyone know?  If it is indeed normal, then what do our
> non-non-US servers do about it?

I believe that they do a reverse DNS lookup and make sure the IP
doesn't come from any of the seven deadly countries.  I don't remember
it ever being explicitly acknowledged, but that is what the SPI lawyer
suggested.

Regards,
Walter Landry
wlandry@ucsd.edu

Reply to:

References:
- Re: Squeak in Debian?
  - From: "Lex Spoon" <lex@cc.gatech.edu>
- Re: Squeak in Debian?
  - From: Walter Landry <wlandry@ucsd.edu>
- Re: Squeak in Debian?
  - From: "Lex Spoon" <lex@cc.gatech.edu>

Prev by Date: Re: DRAFT for a GR proposal concerning the Sarge release
Next by Date: Re: Problematic Software Licenses
Previous by thread: Re: Squeak in Debian?
Next by thread: Automated Reply from candidat <candidat@www.pmebtp.com>
Index(es):
- Date
- Thread