Hi!

This came over the debian-mirrors list today. There was some 
discussion about this in the past, but noone knew any real details...

-chrisp

>From: James Troup <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: WARNING: Crypto software to be included into main Debian distribution
>Date: 23 Feb 2002 06:49:03 +0000
>
>Hi,
>
>Debian has recently received legal advice explaining how we can
>include software with cryptographic functionality in our main archive.
>This document can be found at
><URL:http://www.debian.org/legal/cryptoinmain>.
>
>In accordance with this advice we plan to include cryptographic
>software in our main archive (at some point after March 8th).  This
>will allow us to integrate security software such as OpenSSH, SSL
>support, and many other enhancements into our operating system.
>
>Since you are mirroring the Debian distribution you may be wondering
>what impact, if any, this will have on you. Obviously you will notice
>the new software entering the main archive.  If you mirror non-US, you
>also may notice some software dropped from the non-US distribution as
>it moves into main.  The primary concern however is likely to be legal
>impact.  For mirrors outside the United States there should be no new
>legal issues not present for those already mirroring non-US (and
>accordingly the rest of the mail isn't relevant to you).
>
>The software in Debian's main archive is all publicly available in the
>sense of section 740.13(e) of the US EAR.  This means that it can be
>exported from the United States if Debian files export notification at
>the time of export.  According to the legal advice Debian received,
>mirrors do not need to send in their own notifications.  Debian will
>send in a notification that covers our master archive and any mirrors
>of that archive.  We will also update this notification as we add
>software.
>
>BXA regulations require that you not knowingly export to embargoed
>countries, as a show of good faith you may wish to consider
>implementing a reverse IP lookup that identifies the computer
>requesting the download, and that blocks downloads of the
>cryptographic archive to countries embargoed by the United States:
>Cuba (.cu), Iran (.ir), Iraq (.iq), Libya (.ly), North Korea (.kp),
>Syria (.sy), Sudan (.sd) and Taliban Occupied Afghanistan.  In
>addition, you might consider having a separate screen prior to
>download, that advises the person downloading the software as follows:
>
>    This software is subject to U.S. export controls applicable to open
>    source software that includes encryption.  Debian has filed the
>    notification with the Bureau of Export Administration and the
>    National Security Agency that is required prior to export under the
>    provisions of License Exception TSU of the U.S. Export
>    Administration Regulations.  Consistent with the requirements of
>    License Exception TSU, you represent and warrant that you are
>    eligible to receive this software, that you are not located in a
>    country subject to embargo by the United States, and that you will
>    not use the software directly or indirectly in the design,
>    development, stockpiling or use of nuclear, chemical or biological
>    weapons or missiles.  Compiled binary code that is given away free
>    of charge may be re-exported under the provisions of License
>    Exception TSU.  However, additional technical review and other
>    requirements may apply to commercial products incorporating this
>    code, prior to export from the United States.  For additional
>    information, please refer to www.bxa.doc.gov.
>
>If you have any questions about this new policy, please let us know.
>
>NB: I am not a lawyer and this mail is not legal advice.
>
>--
>James [with thanks to Sam Hartman for the text]

-- 
chrisp a.k.a. Christoph Pfisterer   "Any sufficiently advanced
[EMAIL PROTECTED] - http://chrisp.de      bug is indistinguishable
PGP key & geek code available        from a feature."

_______________________________________________
Fink-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/fink-devel

Reply via email to