>> >Similarly, with the MIT tarball, I grab it from the UK debian mirror as a >> >.deb and extract it. The export was not done by me & I haven't broken any >> >laws by downloading it. > >> If you believe THAT, then I've got a couple dozen bridges I'd like to >> sell you. > >Er, which law are you suggesting that he's violating by downloading >Kerberos from a UK site?
US Export law, perhaps? Note that IANAL, but I have seen a statement out of the BXA saying that even though the Kerberos code in question was in the UK (the person was asking about a site in the UK that had Kerberos on it), anyone downloading Kerberos from that site could still be in violation of US Export law. And personally, I have a hard time believing that a lawmaker would miss such an obvious loophole. Now, are the crypto police going to be breaking down your door? Unlikely. Does MIT Kerberos already qualify for an export exemption? Almost certainly. Did Debian already do the necessary mojo to export MIT Kerberos? Yup. But don't go kidding yourself that you're somehow protecting yourself by getting MIT Kerberos from an offshore site, if that original export wasn't done legally. --Ken ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
