On Sat, Feb 23, 2002 at 03:10:02PM -0500, Sam Hartman wrote: > Except of course that multi-step exporting is legal. Well, is likely > to be legal in most cases. If I'm operating a US mirror, and you tell > me that you're copying my mirror outside the US for the explicit > purpose of making it available to T7, then I might care.
It is legel as long there is no knowledge of the export. But as soon as anyone sees a mirror in one the the T7 countries we all know of the export. How should we react. Can we track down the way of ANY debian mirror world wide. Can we shut down or block any of those mirrors ? If we cant (which i assume) the debian archive itself will be immeatly polluted and is no longer usable for any debian developer as anyone making uploads to it (with crytography) will be held responsible for knowingly exporting it. > I suggest that if you care you wade through the long document James > pointed you at and it should become clear that even the US does not > believe it can enforce US laws on non-US mirror operators exporting to > people outside the US. I know that there is only little chance of these laws really coming into court. But who knows. With the scenario i described above anyone with enough enthusiasm can make a DoS against large parts of the debian workflow - Not technically - But legally. More interestingly my initial point about DFSG paragraph 6 beeing not met with crypto in main has not been taken yet. From my understanding we cant put crypto in main but in non-free - not by license but by export regulations. "Finally, you should be aware that a core set of US export controls apply to all exports of open source cryptographic software from the United States. In essence, these controls prohibit the export of open source cryptographic software under License Exception TSU to ... (3) design, development, stockpiling, production or use of nuclear, chemical or biological weapons or missiles." Flo -- Florian Lohoff [EMAIL PROTECTED] +49-5201-669912 Nine nineth on september the 9th Welcome to the new billenium
pgpuAu3EDdlHz.pgp
Description: PGP signature
