"Lex Spoon" <[EMAIL PROTECTED]> wrote: > > > > > > I do not understand your issue about locality. The business in > > > > > question > > > > > is us, Debian. We already have a distribution server at Berkeley, so > > > > > we > > > > > already need to evaluate and comply with the laws of northern > > > > > California. > > > > > > > > The CD distributors are not part of SPI, the non-profit that holds > > > > title to the vast resources of Debian. In addition, the Debian > > > > mirrors only look at local law when evaluating whether to mirror > > > > Debian. They don't look up Northern California law. > > > > > > The individual CD distributors should not be automatically distributing > > > non-free stuff. Thus I still do not see the issue. > > > > > > It seems like our non-free infrastructure already needs to obey US > > > export law, so I do not see the issue with us meeting that license > > > condition. > > > > non-free is not part of the bxa notification scheme, because the bxa > > notifications is only available for certain type of software of which > > main is a subset. So there are still packages in non-us/non-free. > > > > I don't see why BXA notification would be required for Squeak nowadays. > It used to have some secure hashing functions in there such as MD5 and > SHA, but I just searched and those seem to be in a separate package > nowadays. People who want crytopgraphy routines in Squeak must now > download them separately from "SqueakMap".
If there is nothing export controlled in Squeak, then the export control clause won't cause any problems with it going into non-free. However, that still doesn't solve the enhanced liability for the mirrors. That _is_ a basic distributability issue. <snip> > "In particular, but without limitation, the Apple Software may not be > exported or reexported (i) into (or to a national or resident of) any > U.S. embargoed country or (ii) to anyone on the U.S. Treasury > Department's list of Specially Designated Nationals or the U.S. > Department of Commerce's Table of Denial Orders. " > > The "in particular" implies that this is a normal export regulation for > the US. Does anyone know? If it is indeed normal, then what do our > non-non-US servers do about it? I believe that they do a reverse DNS lookup and make sure the IP doesn't come from any of the seven deadly countries. I don't remember it ever being explicitly acknowledged, but that is what the SPI lawyer suggested. Regards, Walter Landry [EMAIL PROTECTED]
