On Wed, Jun 07, 2006 at 03:53:51PM -0500, William A. Rowe, Jr. wrote: > Before we take -any- action, we need to have one policy across the ASF.
*shrug*, this is [EMAIL PROTECTED], so I'm going to stick to httpd specifically for now, and that can feed in or not to any policy the ASF desires to later impose :-) > Our research hopefully contributes substantially to that policy. But > we can't enable per-project balkanization when it comes to complying > with US law. Sure, but I don't have the legal advice, and I'm trying to ask some targetted questions to see what other options there are. I've been studying law, for my sins ;-) Anyway, I'm not taking responsibility for monitoring any paralell discussions elsewhere within the ASF and trying to ensure coherency. > As I've said, I'm ok with two seperate (full) tarballs, e.g. two (full) > corresponding binary distributions; I'm ok with a core tarball and an > add-on crypto component. I'm not really ok with the status quo as there > is no way to not download crypto in a restricted jurisdiction if one wants > httpd, unless some party has retarred the release for us sans mod_ssl. I'm fine with that too, it's a sensible pragmatic thing which makes life easier for a lot of people. Re-organising our subversion tree and development practices seems a bit extreme though, I mean do we also split out mod_auth_digest? Where do we stop? I don't want to have to RM, test or vote on two or three tarballs every time we make what is really one release because of some dumb laws. > >Is the mere legal registration of the ASF within US borders a solid > >stumbling block here? As in, could the situation be remedied by > >forbiding US-based distributors? (Similar to what Debian used to do with > >it's non-US repositories). > > Dude, we are a Deleware, US foundation. Sure, I realise that, and SPI is a New York, US foundation, but Debian managed to distribute non-US for years. But I'm not privy to their legal advice either. So, I'm wondering how effective a liability shield it is for a US-based corporation to export such content via non-US-based distributors. It seems odd that this would work legally, but that SPI/Debian did it for so long sparks my interest; maybe there is a path through. -- Colm MacCárthaigh Public Key: [EMAIL PROTECTED]
