Cryptographic Software in Debian's Main Archive

Cine writes: "James Troup and Sam Hartman recently sent a note to all debian mirror maintainers, to inform them about the current situation and future plans. Sometime after March 8th, crypto software like OpenSSH, SSL support, and many other enhancements will be integrated into the debian main archive. This is in accordance to legal advice the Debian project received."

Re:Hi. Here is Crypto

[Mr_Person]

It's as though they just walked up and handed security to those who don't know how to use it.

It's not like having extra security without knowing exactly what it does is a bad thing. The Crypto section doesn't just contain things like PGP, but important server utilities like SSH, SSL and other things. It's my opinion that SSH should be installed by default (in place of telnet) on every server as it is much more secure. The people you're talking about probably didn't understand exactly how telnet worked and they probably won't understand exactly how SSH works, but they'll still get the benefits of the extra security as will anyone who depends on the servers that they run.

glad to see

[Partisan01]

I'm really glad to see this finally being included into the main archive. I'm also glad to see that they consulted legal sources before charging into any of this. Hopefully they will keep integrating cryptography into the distro more as time goes on. Keep up the good work guys.

no real effect

[Anonymous Coward]

Unless I am missing something, this won't have any real effect on end users. When I request a package to install it, I request it by name and have no idea what subdirectory it is kept in, apt keeps track of this information for me.

Re:This advice is bogus.

[Xtifr]

This restricts people from selling debian.

Yes, but it's the US gummit doing the restricting. Nor is this issue specific to Debian: any distro which includes crypto-enabled software (mozilla, galeon, even mutt) is going to have the same issues. If you want to sell a modern, non-crippled Linux distro of any type from the US, you're either going to have to:

a) sell only to US citizens, or
b) do the paperwork.

Which makes life hard for CD distributors

Apparently, the US gummint doesn't care. If I were a US-based CD vendor, I'd definitely complain to my gummint, but I'm not.

and is in contradiction with the GPL.

No, the GPL has nothing to do with it. The GPL addresses copyright issues. Other legal issues, like patents and other gummint regulations, are outside the scope of the GPL.

Money is spent on being sneaky...

[Futurepower(tm)]

It amazes me that the U.S. government has done as much as it can to try to outlaw privacy. To me, it seems that things are out of control in some parts of the U.S. government. The U.S. spends more on surveillance of everyone everywhere than any country ever has in the history of the world. Money is spent on being sneaky, rather than on making good relationships.

It is futile to try to avoid the export of software, particularly when having it is legal in other countries. Yet taxpayer money is spent on this. The U.S. government, in my opinion, should not try to control the entire world.

More on the extremes of U.S. government policy: What should be the Response to Violence? [hevanet.com]