Hi Wichert
On Tue, Nov 21, 2000 at 04:20:27PM +0100, Wichert Akkerman wrote:
> Previously Sam Hartman wrote:
> > I can't find an answer to the question on this list's archives and so
> > I'm asking it again. It seems fairly clear to me that the answer is
> > yes, if proper procedures are followed, but since export issues are
> > kind of touchy I want to make sure that I'm not missing something.
>
> I'm reading up on the documentation for it now; it seems that with
> some exception we can indeed put crypto in the main archive now, esp.
> with the policy changes from last month.
>
First let me say that I have no legal training what so ever, but I do
know that the words used in legal documents are important. I would
like to draw your attention to:
"Posting of the source code or corresponding object
code on the Internet ... where it may be downloaded
by anyone would not establish "knowledge" of a
prohibited export or reexport, including that
described in paragraph (e)(2) of this section."
The question that came to my mind is if we had a Debian member in Cuba,
Iran, Iraq, Libya, North Korea, Sudan or Syria wouldn't we "know" that
they would be downloading crypo software from a site within the USA.
Wouldn't that cause use to fall foul of EAR. From reading
http://www.bxa.doc.gov/Enforcement/knowcust.htm (2)
"...you have a duty to check out the suspicious
circumstances and inquire about the end-use, end-user
or ultimate country of destination."
As a new member of Debian I would not like to restrict a citizen of a country
that the US Government (or any other government) disapproves of of becoming
a member of Debian.
I am looking at ITPing some software that has an OpenSSL module and
therefore I would feel uncomfortable about posting this into the USA
(I'm British).
I would have though that it would NOT be prudent to move the crypo
archives into the USA.
Steve
