On Mon, Apr 18, 2016 at 4:12 PM, Mojca Miklavec <mo...@macports.org> wrote:

> Apparently USA export
> restrictions forbid exporting software that does cryptography


Umm, ITAR's had an OSS exemption for years. Are you reading old information?


> (and
> some other countries might have import restrictions).
>

Sadly still true.

> I have a problem understanding those rules because we are not dealing
> with encrypted information, but merely use the same algorithms to
> verify authenticity of the packages.
>

The law is often a blunt object, especially when formulated by those who do
not understand the thing being regulated.

> My main question is: what options do we have (if any) to make package
> verifications work out of the box (and without violating any
> import/export restrictions) on Mac OS X? (The code signing is done on
> Linux.)
>

It's nigh impossible to keep up with all relevant laws worldwide; the best
you can do is obey the laws in the jurisdiction(s) providing the software
and warn potential users that they must check their appropriate local
regulations --- then try to help them on a case by case basis.

> By glimpsing through some parts of the source code in MacPorts I see
> mention of "productsign" and "openssl" to do the job, but I didn't yet
>

productsign is used in creating signed OS X installer packages, and you
simply can't do that sensibly on Linux.

-- 
brandon s allbery kf8nh                               sine nomine associates
allber...@gmail.com                                  ballb...@sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net
_______________________________________________
macports-dev mailing list
macports-dev@lists.macosforge.org
https://lists.macosforge.org/mailman/listinfo/macports-dev
