Re: Is AGPLv3 DFSG-free?
On Mon, Sep 1, 2008 at 9:12 AM, Arc Riley <firstname.lastname@example.org> wrote:
> As an American, I cannot export cryptographic software. As a result, I
> don't work on it.
> That doesn't prevent me from building or modifying software that utilizes
> those components, as those components are imported.
And you're required to offer that modified software to people in
countries where cryptographic software is illegal solely because you
have modified your server software that is using cryptographic code
and allowing them to interact with it (even if said code is not
You are importing and using crypto in the US which is perfectly fine.
The AGPLv3 requires you to re-export that code in the event that you
modify server software using it -- even if exporting crypto is illegal
for you. The GPL (all versions) does not place this requirement on
you. You are free to import server software using crypto, modify it,
and make that software available for interaction over a network
without being required to re-export the software and thus the crypto
As the AGPLv3 will force you, from the United States, to offer
cryptographic software for export in the event that you modify server
software using it and (make that software available for interaction
over a network), it is forcing you to violate US law.
I believe this is the point that Miriam Ruiz is making.
Wether this is a problem or not is not something I am commenting on,
however, I will add that I feel expecting Joe Developer to maintain an
IP blacklist in order to avoid violating the law in their home
countries (a solution you have suggested) *is* an onerous requirement.
In order to make the source available to all users (in the absence of
locking the entire non-US world out of your server), the law will have
to be violated at least once (export/upload of the modified
cryptographic containing source to a repository outside US territory).