Hi! This came over the debian-mirrors list today. There was some discussion about this in the past, but noone knew any real details...
-chrisp >From: James Troup <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: WARNING: Crypto software to be included into main Debian distribution >Date: 23 Feb 2002 06:49:03 +0000 > >Hi, > >Debian has recently received legal advice explaining how we can >include software with cryptographic functionality in our main archive. >This document can be found at ><URL:http://www.debian.org/legal/cryptoinmain>. > >In accordance with this advice we plan to include cryptographic >software in our main archive (at some point after March 8th). This >will allow us to integrate security software such as OpenSSH, SSL >support, and many other enhancements into our operating system. > >Since you are mirroring the Debian distribution you may be wondering >what impact, if any, this will have on you. Obviously you will notice >the new software entering the main archive. If you mirror non-US, you >also may notice some software dropped from the non-US distribution as >it moves into main. The primary concern however is likely to be legal >impact. For mirrors outside the United States there should be no new >legal issues not present for those already mirroring non-US (and >accordingly the rest of the mail isn't relevant to you). > >The software in Debian's main archive is all publicly available in the >sense of section 740.13(e) of the US EAR. This means that it can be >exported from the United States if Debian files export notification at >the time of export. According to the legal advice Debian received, >mirrors do not need to send in their own notifications. Debian will >send in a notification that covers our master archive and any mirrors >of that archive. We will also update this notification as we add >software. > >BXA regulations require that you not knowingly export to embargoed >countries, as a show of good faith you may wish to consider >implementing a reverse IP lookup that identifies the computer >requesting the download, and that blocks downloads of the >cryptographic archive to countries embargoed by the United States: >Cuba (.cu), Iran (.ir), Iraq (.iq), Libya (.ly), North Korea (.kp), >Syria (.sy), Sudan (.sd) and Taliban Occupied Afghanistan. In >addition, you might consider having a separate screen prior to >download, that advises the person downloading the software as follows: > > This software is subject to U.S. export controls applicable to open > source software that includes encryption. Debian has filed the > notification with the Bureau of Export Administration and the > National Security Agency that is required prior to export under the > provisions of License Exception TSU of the U.S. Export > Administration Regulations. Consistent with the requirements of > License Exception TSU, you represent and warrant that you are > eligible to receive this software, that you are not located in a > country subject to embargo by the United States, and that you will > not use the software directly or indirectly in the design, > development, stockpiling or use of nuclear, chemical or biological > weapons or missiles. Compiled binary code that is given away free > of charge may be re-exported under the provisions of License > Exception TSU. However, additional technical review and other > requirements may apply to commercial products incorporating this > code, prior to export from the United States. For additional > information, please refer to www.bxa.doc.gov. > >If you have any questions about this new policy, please let us know. > >NB: I am not a lawyer and this mail is not legal advice. > >-- >James [with thanks to Sam Hartman for the text] -- chrisp a.k.a. Christoph Pfisterer "Any sufficiently advanced [EMAIL PROTECTED] - http://chrisp.de bug is indistinguishable PGP key & geek code available from a feature." _______________________________________________ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel