On Mon, Sep 1, 2008 at 9:12 AM, Arc Riley <[EMAIL PROTECTED]> wrote: > > As an American, I cannot export cryptographic software. As a result, I > don't work on it. > > That doesn't prevent me from building or modifying software that utilizes > those components, as those components are imported.
And you're required to offer that modified software to people in countries where cryptographic software is illegal solely because you have modified your server software that is using cryptographic code and allowing them to interact with it (even if said code is not invoked). You are importing and using crypto in the US which is perfectly fine. The AGPLv3 requires you to re-export that code in the event that you modify server software using it -- even if exporting crypto is illegal for you. The GPL (all versions) does not place this requirement on you. You are free to import server software using crypto, modify it, and make that software available for interaction over a network without being required to re-export the software and thus the crypto it contains. As the AGPLv3 will force you, from the United States, to offer cryptographic software for export in the event that you modify server software using it and (make that software available for interaction over a network), it is forcing you to violate US law. I believe this is the point that Miriam Ruiz is making. Wether this is a problem or not is not something I am commenting on, however, I will add that I feel expecting Joe Developer to maintain an IP blacklist in order to avoid violating the law in their home countries (a solution you have suggested) *is* an onerous requirement. In order to make the source available to all users (in the absence of locking the entire non-US world out of your server), the law will have to be violated at least once (export/upload of the modified cryptographic containing source to a repository outside US territory). -- Chris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
