On Wed, Jun 07, 2006 at 01:03:48PM -0700, Roy T. Fielding wrote: > c) each redistributor (re-exporter) of our packages must do the same > [I am unsure if that means every mirror is supposed to file as > well, but for now I am guessing that they don't];
They don't :) > e) people who are in the banned set of countries and people in > countries that forbid encryption cannot legally download the current > httpd-2 packages because they include mod_ssl even when it won't be > used. I don't see how this can possibly be the case. If crypto code is illegal locally, then it is illegal locally and people need to figure that out from themselves. If a person happens to live in a country which is on the USA's banned list, there's nothing illegal (purely from their perspective) about their act of download, US law does not apply to them. Surely the illegality is that the ASF exports the code to those countries, and if anyone is answerable to those particular laws it is any US-based exporter of the code. I just want to be clear about this distinction, if it's correct. Or is there a suggestion that the situation invalidates the user's license? (contracts can be invalidated when a law is broken, but it's complex stuff). > I think the best way to accomplish that is to separate mod_ssl into a > subproject that is capable of producing overlay releases for each > release of httpd. yuck! -1 > Thoughts? Anyone have any better ideas? Is the mere legal registration of the ASF within US borders a solid stumbling block here? As in, could the situation be remedied by forbiding US-based distributors? (Similar to what Debian used to do with it's non-US repositories). -- Colm MacCárthaigh Public Key: [EMAIL PROTECTED]
