Quoting Jimmy Kaplowitz <[EMAIL PROTECTED]>: > On Fri, May 11, 2001 at 09:53:04PM -0400, [EMAIL PROTECTED] wrote: <snip> > > Our FTP servers do not block these countries, so I don't know if we > > would still be considered compliant under these rules. I think it's > > safer to leave everything in non-US. > > I probably agree, but what about this sentence from section 2.1.5 of Debian > Policy: > > A package containing a program with an interface to a cryptographic program or > a program that's dynamically linked against a cryptographic library should not > be distributed via the non-US server if it is capable of running without the > cryptographic library or program.
This might sound like a contrived, hypothetical situation but it's not: Package hitop contains a binary, 'hitop'. Binary 'hitop' may dynamically load, at _runtime_, its Postgres plugin, postgres.so. Plugin postgres.so links against libpgsql. libpgsql links against libssl. I've had a bug report filed, saying that my package breaks section 2.1.2 of Policy, since it build-depends against libpgsql which is in non-US/main. However, this seems to be contradicted by section 2.1.5 because binary 'hitop' is capable of running without libssl. <rant> I'm becoming increasingly frustrated by parochial laws in just one country affecting a global distribution. </rant> -- Andrew Stribblehill <[EMAIL PROTECTED]> Systems programmer, IT Service, University of Durham, England
