[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Squeak in Debian?

"Lex Spoon" <lex@cc.gatech.edu> wrote:
> > > > > I do not understand your issue about locality.  The business in question
> > > > > is us, Debian.  We already have a distribution server at Berkeley, so we
> > > > > already need to evaluate and comply with the laws of northern
> > > > > California.
> > > > 
> > > > The CD distributors are not part of SPI, the non-profit that holds
> > > > title to the vast resources of Debian.  In addition, the Debian
> > > > mirrors only look at local law when evaluating whether to mirror
> > > > Debian.  They don't look up Northern California law.
> > > 
> > > The individual CD distributors should not be automatically distributing
> > > non-free stuff.  Thus I still do not see the issue.
> > > 
> > > It seems like our non-free infrastructure already needs to obey US
> > > export law, so I do not see the issue with us meeting that license
> > > condition.
> > 
> > non-free is not part of the bxa notification scheme, because the bxa
> > notifications is only available for certain type of software of which
> > main is a subset.  So there are still packages in non-us/non-free.
> > 
> I don't see why BXA notification would be required for Squeak nowadays. 
> It used to have some secure hashing functions in there such as MD5 and
> SHA, but I just searched and those seem to be in a separate package
> nowadays.  People who want crytopgraphy routines in Squeak must now
> download them separately from "SqueakMap".

If there is nothing export controlled in Squeak, then the export
control clause won't cause any problems with it going into non-free.
However, that still doesn't solve the enhanced liability for the
mirrors.  That _is_ a basic distributability issue.

> 	"In particular, but without limitation, the Apple Software may not be
> exported or reexported (i) into (or to a national or resident of) any
> U.S. embargoed country or (ii) to anyone on the U.S. Treasury
> Department's list of Specially Designated Nationals or the U.S.
> Department of Commerce's Table of Denial Orders. "
> The "in particular" implies that this is a normal export regulation for
> the US.  Does anyone know?  If it is indeed normal, then what do our
> non-non-US servers do about it?

I believe that they do a reverse DNS lookup and make sure the IP
doesn't come from any of the seven deadly countries.  I don't remember
it ever being explicitly acknowledged, but that is what the SPI lawyer

Walter Landry

Reply to: