"Steve Langasek" <vor...@debian.org> wrote in message
news:20090308040721.ga16...@dario.dodds.net...
On Sun, Mar 08, 2009 at 12:53:07PM +0900, Charles Plessy wrote:
I still do not understand why Debian can redistribute any non-reviewed
source package through people.debian.org or vcs.debian.org, but would
have
legal problems of letting persons read the incoming queue.
ftp-master is (deliberately) located within the United States.
people.debian.org and vcs.debian.org are not. If an American DD exports
software to Debian servers outside the US, that's their problem; if Debian
exports software by giving developers access to it from a server in the
US,
that's a Debian problem.
Cf. "crypto-in-main".
That said, the the processing nessisary for the crypto regulations is pretty
much a semi-automated process, that IIRC involves sending an email to a few
addresses every time a new package enters the archive, that contains crypto
or may contain crypto in the future. I suppose in theory a pre-NEW queue
could be created that holds the packages until notification has been
provided, and then make NEW DD-readable. However,
making any changes to the processes without consulting both the lawyer that
was consulted last time, as well as the ENC Encryption Request Coordinator
at the NSA would be inadvisable.
I have said several times that I read on some Debian list that Debian has
been used as an example of the correct way to comply with the export
restrictions, and if true it is beneficial to maintain that status.
Unfortunately I've never been able to find that message again, and every
time I search, I only find my own messages, but I'm 100% sure of what I had
read.
For the record: IANADD, IANAL.
--
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
