Re: US Maintainer Putting Package on non-US

To: Debian User List <debian-user@lists.debian.org>
Subject: Re: US Maintainer Putting Package on non-US
From: "Noah L. Meyerhans" <frodo@morgul.net>
Date: Sat, 10 Mar 2001 13:43:50 -0500
Message-id: <[🔎] 20010310134350.B10248@morgul.net>
In-reply-to: <20010309235938.T1146@osiris.978.org>; from brian@ristuccia.com on Fri, Mar 09, 2001 at 11:59:38PM -0500
References: <87d7bv4uiz.fsf@priss.bad-people-of-the-future.san-francisco.ca.us> <20010309235938.T1146@osiris.978.org>

On Fri, Mar 09, 2001 at 11:59:38PM -0500, Brian Ristuccia wrote:
> * Evan Prodromou <evan@debian.org> [010305 18:46]:
> > My problem is that I'm a US citizen. I think, as far as I can tell,
> > that it's legal for me to upload this code to a non-US server. 
> 
> It is, provided you mail a copy of the software or the public address where
> you will be posting it to crypt@bxa.doc.gov before you upload. I've proposed
> a modification to dupload that would let you automagically send the package
> itself to a list of addresses at upload time. (It's too difficult to
> reliably tell what the ultimate location is going to end up being due to
> mirroring, potential future changes to dinstall, etc.)

I wish people would be more careful with this.  A lot of people (myself
included) feel that the government is very likely to attempt to revert
to its former policies regarding crypto technology exports.  My fears
grew with a recent little propaganda campaign that they ran, reporting
to several major U.S. newspapers that strong crypto is what's allowing
terrorists like Ossama bin Laden to continue to get away with stuff that
he's doing.

Remember that no laws have changed in the U.S.  It was merely an
executive decision by the Clinton administration that altered the policy
regarding export of strong crypto.  There's no indication that the new
administration supports the new policy at all, and considering some of
the characters involved, there is reason to suspect the opposite.

> It used to be prohibited for people in the US to upload crypto capable
> software to non-us, but I don't think this is the case any longer. Recently,
> I've even seen growing consensus that it's OK to upload crypto software to
> main provided you make the bxa notification before you upload. Crypto and
> crypto hooks already in main includes Netscape 4, mutt, and the soon to be
> uploaded Mozilla 0.8 package.

Groups like FreeS/WAN and OpenBSD still don't allow crypto development
by U.S. citizens.  I don't necessarily propose that Debian takes such a
stance, but I *really* don't think it's a good idea to allow crypto in
main.  If the government policy does change after we've integrated
crypto with main then we've got a big mess to deal with and it will take
a lot of work to get things back to a legal state.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html

Attachment: pgpnVkZH7ivhS.pgp
Description: PGP signature

Reply to:

Prev by Date: Need Help Compiling the DFE 530tx+ driver
Next by Date: TFTP-Server
Previous by thread: Re: Need Help Compiling the DFE 530tx+ driver
Next by thread: TFTP-Server
Index(es):
- Date
- Thread