---------- Forwarded message ----------
Date: Sat, 2 Mar 2002 23:44:30 -0500
From: "R. A. Hettinga" <[EMAIL PROTECTED]>
To: Digital Bearer Settlement List <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: [cpunx-news] Crypto software to be included into main Debian distribution

--- begin forwarded text

Status: U
To: [EMAIL PROTECTED]
From: Eugene Leitl <[EMAIL PROTECTED]>
Mailing-List: list [EMAIL PROTECTED]; contact [EMAIL PROTECTED]
Date: Sat, 2 Mar 2002 22:50:01 +0100 (MET)
Subject: [cpunx-news] Crypto software to be included into main Debian distribution
Reply-To: [EMAIL PROTECTED]

http://lists.debian.org/debian-mirrors/2002/debian-mirrors-200202/msg00001.html

To: [EMAIL PROTECTED]
Subject: WARNING: Crypto software to be included into main Debian distribution
From: James Troup <[EMAIL PROTECTED]>
Date: 23 Feb 2002 06:49:03 +0000
In-reply-to: <[EMAIL PROTECTED]>
Mail-copies-to: never
Sender: James Troup <[EMAIL PROTECTED]>
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

Hi,

Debian has recently received legal advice explaining how we can include software with cryptographic functionality in our main archive. This document can be found at <URL:http://www.debian.org/legal/cryptoinmain>.

In accordance with this advice we plan to include cryptographic software in our main archive (at some point after March 8th). This will allow us to integrate security software such as OpenSSH, SSL support, and many other enhancements into our operating system.

Since you are mirroring the Debian distribution you may be wondering what impact, if any, this will have on you. Obviously you will notice the new software entering the main archive. If you mirror non-US, you also may notice some software dropped from the non-US distribution as it moves into main.

The primary concern however is likely to be legal impact. For mirrors outside the United States there should be no new legal issues not present for those already mirroring non-US (and accordingly the rest of the mail isn't relevant to you).

The software in Debian's main archive is all publicly available in the sense of section 740.13(e) of the US EAR. This means that it can be exported from the United States if Debian files export notification at the time of export.

According to the legal advice Debian received, mirrors do not need to send in their own notifications. Debian will send in a notification that covers our master archive and any mirrors of that archive. We will also update this notification as we add software.

BXA regulations require that you not knowingly export to embargoed countries; as a show of good faith you may wish to consider implementing a reverse IP lookup that identifies the computer requesting the download, and that blocks downloads of the cryptographic archive to countries embargoed by the United States: Cuba (.cu), Iran (.ir), Iraq (.iq), Libya (.ly), North Korea (.kp), Syria (.sy), Sudan (.sd) and Taliban Occupied Afghanistan.

In addition, you might consider having a separate screen prior to download, that advises the person downloading the software as follows:

    This software is subject to U.S. export controls applicable to open source software that includes encryption. Debian has filed the notification with the Bureau of Export Administration and the National Security Agency that is required prior to export under the provisions of License Exception TSU of the U.S. Export Administration Regulations. Consistent with the requirements of License Exception TSU, you represent and warrant that you are eligible to receive this software, that you are not located in a country subject to embargo by the United States, and that you will not use the software directly or indirectly in the design, development, stockpiling or use of nuclear, chemical or biological weapons or missiles. Compiled binary code that is given away free of charge may be re-exported under the provisions of License Exception TSU. However, additional technical review and other requirements may apply to commercial products incorporating this code, prior to export from the United States. For additional information, please refer to www.bxa.doc.gov.

If you have any questions about this new policy, please let us know.

NB: I am not a lawyer and this mail is not legal advice.

--
James [with thanks to Sam Hartman for the text]

--- end forwarded text

--
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]