Carnë Draug wrote: > On 27 April 2010 17:11, Søren Hauberg <so...@hauberg.org> wrote: > > >> tor, 22 04 2010 kl. 07:38 +0200, skrev David Bateman: >> >>> Octave includes the MD5 hashing algorithm and uses /dev/random if >>> available in the core of Octave and there is an implementation of SHA1 >>> in the octave-forge package general.. These are about the only crypto >>> like functions that I know of in Octave, MD5 and SHA1 are hashing >>> unctions and not crypto at all >>> >> Okay, then I don't think we can forgo the US export control. >> >> Thanks >> Søren >> >> > > We can't? But if I understood it correctly, David said that they are not > related to encryption, just hashing. > > Also, if we couldn't be above that US rule, would staying in sourceforge be > a preferable option than hinder and/or block access of some people to free > software (which I guess would not be free anymore)? > > Carnë > > No one can forgo export control regulations, and they are essentially the same all around the world as they are based on the same international treaties against the export of "dual use" technologies. I've done a bit of export control work in the past to ensure that my employer was obeying US and international law for the technology I was working on. The US export control rules are a good set of rules to work with as they tend to go beyond other export control rules in that they list uncontrolled dual technologies that others don't (Those you can't send to Cuba, North Korea, Lybia, Iran, Iraq and Sudan). So if you have worked out a US classification that can be pretty easily mapped onto anyone elses export control regulation.
Octave is controlled by Category 4 of the US commerce control list (CCL) which is available from http://www.access.gpo.gov/bis/ear/ear_data.html and in particular section D for software.. Its only 13 pages and so easy enough to read, though relatively twisted as it refers to other parts of the CCL. For export control to most countries exporting from the US and basically everywhere if you aren't in the US.. We want an ECCN (the classification of Octave for the export control) with a "9" in the third place, anything else is a real pain. The only ECCN that Octave might fall into in the category 4 is 4D003 which cross references software depassing the limits defined in Category 5 part two Cyptography is covered under the ECCNs 5A002 and 5D002. Octave might be covered under 5A002a.1. But this ECCN states 5A002a.1. Designed or modified to use “cryptography” employing digital techniques performing any cryptographic function other than authentication or digital signature and having any of the following: where the following limits key lengths, etc. Octave, as delivered by Octave Forge, is neither designed or modified to use "cyptography", and hashing functions that octave does have are for "digital signatures" and so explicitly excluded. As Octave isn't covered by 4D980 (anyone building fingerprinting equipment with Octave), Octave is therefore under the catch all ECCN EAR99 Soren, I'd say you can pretty safely say the Octave isn't using cyptography for the purposes of the source-forge export control check box. D. ------------------------------------------------------------------------------ _______________________________________________ Octave-dev mailing list Octave-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/octave-dev
