On Jun 30, 2006, at 11:47 PM, Justin Erenkrantz wrote:

On 6/30/06, Roy T. Fielding <[EMAIL PROTECTED]> wrote:
We do not distribute OpenSSL because it contains software that we
cannot distribute for reasons unrelated to export control.

I think we will end up distributing OpenSSL with our binaries.  I know
that the Win32 binaries will certainly be including the appropriate
OpenSSL DLLs.  I think what OtherBill's plan was to remove the
patent-encumbered code from our OpenSSL builds we do - at least on
Win32.  I'd expect the same for other platforms as well - especially
since OpenSSL is usually bundled as a static library not a dynamic
library.  (Some platforms ship it as a DSO, but that's only relatively
recently.)

Therefore, as Cliff indicated to us, we'll likely have to notify for
OpenSSL.  -- justin

If we remove the patent-encumbered code from OpenSSL, then it isn't
OpenSSL and we cannot distribute it or anything built from it under
the TSU exception without distributing the source code exactly as built.
That means we have to distribute the modified OpenSSL library as something else *not* called OpenSSL (because otherwise we are violating the OpenSSL license). In any case, none of our users want a modified OpenSSL -- they can download the real thing on their own. What we should be redistributing
is a post-install DLL relinking tool so that they can link our windows
binary with whatever they install for SSL, but I have no idea how.

We have to understand that these regulations were not written for
software developers.  They were written for people inspecting crates
for things that blow people up.  The notice is for *our* product and
we are only allowed to export *our* product if the entire product is
available in source form at a single location where a customs inspector
can choose to examine its totality for tiny little terrorists hidden
between the 1s and 0s.  As dumb as it sounds, those are the rules.
The number of different identifiable products existing within a
single package is completely irrelevant to BIS -- we have to file a
notice for each type of package, not each thing within the package.

....Roy

Reply via email to