Cryptographic Software in Debian's Main Archive 96
Cine writes: "James Troup and Sam Hartman recently sent a note to all debian mirror maintainers, to inform them about the current situation and future plans. Sometime after March 8th, crypto software like OpenSSH, SSL support, and many other enhancements will be integrated into the debian main archive. This is in accordance to legal advice the Debian project received."
Crypto (Score:5, Interesting)
Hope it works out (Score:4, Interesting)
One thing that was interesting is that under section 740.13(e) of the US EAR, the software can be exported as long as the people that are exporting it file for export notification. Apparently one thing that they were worried about was whether or not the individual mirrors had to each file or if Debian could just file for the main archives and all the mirrors. According to their legal advice that should be okay. Let's just hope that they don't have any legal problems with it in the future.
This advice is bogus. (Score:1, Interesting)
This restricts people from selling debian.
Which makes life hard for CD distributors, and is in contradiction with the GPL.
Note: I do not sell debian( or any software ).
And to think... (Score:2, Interesting)
IP address based restrictions (Score:5, Interesting)
This is the second time I've seen this "recomendation" come out of a legal organization, in almost exactly the same wording no less. I've got to believe therefore that they are pulling it from some other source, such as an official regulation or other document.
Does anyone have such a list though? Can anyone provide a copy of it? Is it even technically possible to generate? In real time, or even close? I mean sure, it's technically trivial to implement this blocking, just a few iptables/ipchains commands, or some entries in the firewall's firmware... but I think getting that list to begin with is nearly impossible. How do you know where the other end of the phone line that is dialed into some modem bank on the other side of the net is?
In the last instance that I saw this (an external server at work) corporate legal was threatening to pull the plug if the admins didn't provide proof they were doing this. After much head scratching and searching the net my sugested response was that they would be happy to implement this just as soon as the legal department provided them with such a list.
I'm told they never heard back from legal on that topic.