[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: USA crypto rules and libssl-dependent packages

Quoting Jimmy Kaplowitz <jimmy@kaplowitz.org>:
> On Fri, May 11, 2001 at 09:53:04PM -0400, sharkey@ale.physics.sunysb.edu wrote:
> > Our FTP servers do not block these countries, so I don't know if we
> > would still be considered compliant under these rules.  I think it's
> > safer to leave everything in non-US.
> I probably agree, but what about this sentence from section 2.1.5 of Debian
> Policy:
> A package containing a program with an interface to a cryptographic program or
> a program that's dynamically linked against a cryptographic library should not
> be distributed via the non-US server if it is capable of running without the
> cryptographic library or program. 

This might sound like a contrived, hypothetical situation but it's

Package hitop contains a binary, 'hitop'.
Binary 'hitop' may dynamically load, at _runtime_, its Postgres
  plugin, postgres.so.
Plugin postgres.so links against libpgsql.
libpgsql links against libssl.

I've had a bug report filed, saying that my package breaks section
2.1.2 of Policy, since it build-depends against libpgsql which is in

However, this seems to be contradicted by section 2.1.5 because
binary 'hitop' is capable of running without libssl.

I'm becoming increasingly frustrated by parochial laws in just one
country affecting a global distribution.

Andrew Stribblehill <ads@debian.org>
Systems programmer, IT Service, University of Durham, England

Reply to: