On Sat, Dec 23, 2017 at 04:24:22PM +0530, Dinesh Thirumurthy wrote:
> >From https://www.openbsd.org/cvsync.html
>
> " IMPORTANT NOTE: There are a few issues relating to cryptographic
> software that everyone should be aware of:
> ...
> However, if you are outside the USA or Canada, you should not fetch
> the cryptographic sections of the OpenBSD sources from a CVSync server
> located in the USA. The files in question are...
> src/kerberosIV/*
> src/kerberosV/*
> src/lib/libdes/*
> src/lib/libc/crypt/crypt.c
> src/lib/libc/crypt/morecrypt.c
> src/sys/crypto
> src/sys/netinet
> src/usr.sbin/afs/src/rxkad/*
>
> Because of the USA ITAR munitions list, crypto software may only be
> exported to Canada from the USA."
>
> generalising cvsync server to any version control software server, we
> get:
>
> "if you are outside the USA or Canada, you should not fetch the
> cryptographic sections of the OpenBSD sources from **any
> version control software** server located in the USA"
>
> That would include github.com
>
> so is using the combination (OpenBSD, GitHub, India) uncool (gulp
> illegal)?
>
> If illegal, this kind of sucks for me and my intern.
>
> May be someone experienced in these matters could confirm/deny?
>
> Thanks,
> Dinesh
Just use cvs from a mirror outisde the US? You don't *need* to use
github, github is a copy anyway and only cvs is authorative.
-Otto
