Re: Squeak in Debian?
"Lex Spoon" <firstname.lastname@example.org> wrote:
> > > > > I do not understand your issue about locality. The business in question
> > > > > is us, Debian. We already have a distribution server at Berkeley, so we
> > > > > already need to evaluate and comply with the laws of northern
> > > > > California.
> > > >
> > > > The CD distributors are not part of SPI, the non-profit that holds
> > > > title to the vast resources of Debian. In addition, the Debian
> > > > mirrors only look at local law when evaluating whether to mirror
> > > > Debian. They don't look up Northern California law.
> > >
> > > The individual CD distributors should not be automatically distributing
> > > non-free stuff. Thus I still do not see the issue.
> > >
> > > It seems like our non-free infrastructure already needs to obey US
> > > export law, so I do not see the issue with us meeting that license
> > > condition.
> > non-free is not part of the bxa notification scheme, because the bxa
> > notifications is only available for certain type of software of which
> > main is a subset. So there are still packages in non-us/non-free.
> I don't see why BXA notification would be required for Squeak nowadays.
> It used to have some secure hashing functions in there such as MD5 and
> SHA, but I just searched and those seem to be in a separate package
> nowadays. People who want crytopgraphy routines in Squeak must now
> download them separately from "SqueakMap".
If there is nothing export controlled in Squeak, then the export
control clause won't cause any problems with it going into non-free.
However, that still doesn't solve the enhanced liability for the
mirrors. That _is_ a basic distributability issue.
> "In particular, but without limitation, the Apple Software may not be
> exported or reexported (i) into (or to a national or resident of) any
> U.S. embargoed country or (ii) to anyone on the U.S. Treasury
> Department's list of Specially Designated Nationals or the U.S.
> Department of Commerce's Table of Denial Orders. "
> The "in particular" implies that this is a normal export regulation for
> the US. Does anyone know? If it is indeed normal, then what do our
> non-non-US servers do about it?
I believe that they do a reverse DNS lookup and make sure the IP
doesn't come from any of the seven deadly countries. I don't remember
it ever being explicitly acknowledged, but that is what the SPI lawyer