[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: US government notification of new crypto package?

On Sat, Sep 25, 2010 at 10:32:38AM +0800, Paul Wise wrote:
> On Sat, Sep 25, 2010 at 10:04 AM, John Morrissey <jwm@horde.net> wrote:

> > I'm packaging the PHP PEAR Crypt_Blowfish module. I noticed:

> >  http://www.debian.org/legal/notificationfornewpackages

> > which seems to indicate I need to update the US Bureau of Export
> > Administration before uploading this package for the first time.

> > Is this still a requirement?

> IIRC the archive software (dak) does this automatically for every new
> package (or every upload, not sure) whether it contains arms^Wcrypto
> stuff or not so that Debian can basically ignore this problem until
> the requirements change.

So long as the upload queue continues to reside in the US, this is true.
However, the current ftp team have made several proposals that seem to
disregard this aspect of the crypto-in-main solution; I would recommend that
any US-based developers who are concerned about compliance with US export
regs be watchful for future developments.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Attachment: signature.asc
Description: Digital signature

Reply to: