"Pat" <paparsoss@gmail.com> wrote in message [🔎] 2e4e9dbd0708141051q4cee16b6qd5ef4f5996213e95@mail.gmail.com">news:[🔎] 2e4e9dbd0708141051q4cee16b6qd5ef4f5996213e95@mail.gmail.com...
How would the US export restrictions be applicable to a custom debian cdrom? The cdrom would have no additional crypto functionality than what is already available in debian and there would be no changes to the source code, so how would it apply regarding distributing isos? How are these export restrictions applicable to mirroring Debian? Is there anything additional I need to do or is it covered by Debian as it is Debain software?
I am not a lawyer, so this is not legal advice. I am not a Debian Developer, and this is in no way an official statement of the project.
Based on http://www.debian.org/legal/cryptoinmain which was written by a lawyer: "Only one notification for one U.S. site is required; no separate notification is required for mirror sites inside or outside the U.S. This notification would only have to be updated if you added a new program implementing encryption."
So assuming that the laywer was correct (and it seems likely, more below), you should be fine. (Unless the law has changed, but i have not heard of any change).
Apparently Debian has been used by the government as an example of the right way to do things (see http://lists.debian.org/debian-project/2005/08/msg00018.html), so it seems safe to assume that the lawyer was correct.