[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

USA crypto rules and libssl-dependent packages

Hi. I am a novice Debian package maintainer, in the queue for becoming an
official developer. I am maintaining a package called althea, which is an
IMAP email client for GTK+. They have recently added support for SSL through
linking to libssl (from OpenSSL). This is configurable based on the values
of a couple variables in the Makefile. I have a couple of questions:

1) I live in the US. Therefore, do I have to send a BXA notification to the
government (I believe license exception TSU is applicable - correct me if I'm
wrong)? Also, do I have to do their thing that they mention on their website
about sending a message to the ENC Classification Review Coordinator (or,
something like that) in addition to crypto@bxa.doc.gov, and if so, how do I
do that? Also, is a BXA notification form sufficient to export binary .debs
linked with libssl? Would anyone be able to export them, including other US
mirror sites, so long as I provide an export of the same stuff that I notify
the BXA about?

2) Do the binary .debs go in non-US? What about the Debian source files? If I
make additional non-ssl .debs from the same source, would they be in
non-US or not? Also, to the people on -mentors, how would I do this? (I
am somewhat new to Debian packages.)

I know this is a big message, but I very much appreciate any replies that you
would be kind enough to give. Please CC on your replies; I am not subscribed
to -legal (though I just got through reading your riveting discussion regarding
Sergio Brandano's request on the archives :), and even though I am subscribed
to -mentors, that mail gets ferreted away by procmail into a separate box and
I would like to see this thread in my main inbox.

Thank you all.

- Jimmy Kaplowitz
jimmy@kaplowitz.org - soon, hopefully, jimmy@debian.org :-)

Attachment: pgporzb8U8lAe.pgp
Description: PGP signature

Reply to: