The policy changed in that crypt is now allowed in main. But it is not yet reflected in the archive version of debian-policy. Please see http://lists.debian.org/debian-devel-announce/2002/debian-devel-announce-200203/msg00019.html In fact openssl was one of the first packages which moved into main followed by ssh and a lot of other packages. If you feel like it please reassign the bug to debian-policy or close it. Christoph Am Mit, 2002-04-24 um 22.05 schrieb José Luis González: > Package: libssl0.9.6 > Version: 0.9.6c-2 > Severity: severe > > This is from woody's policy: > > 2.1.5. The non-US sections > -------------------------- > > Some programs with cryptographic program code need to be stored on the > _non-US_ server because of United States export restrictions. Such > programs must be distributed in the appropriate _non-US_ section, > either _non-US/main_, _non-US/contrib_ or _non-US/non-free_. > > This applies only to packages which contain cryptographic code. A > package containing a program with an interface to a cryptographic > program or a program that's dynamically linked against a cryptographic > library should not be distributed via the _non-US_ server if it is > capable of running without the cryptographic library or program. > > > It seems to me that, until the policy is modified to explicitly allow > cryptographic code outside non-US, this package is violating a must > and so this "severe policy violation" bug report. > > I'm neither a Debian developer nor fully aware of the current status of > transition for cryptographic code into main. I'm not sure what the > policy means; as the discussion on bug #144374 reflects, there is > a need for an explicit statement about it.
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil