[cpunx-news] Crypto software to be included into main Debian distribution

R. A. Hettinga rah at shipwright.com
Sat Mar 2 23:44:30 EST 2002 

--- begin forwarded text


Status:  U
To: cpunx-news at yahoogroups.com
From: Eugene Leitl <eugene.leitl at lrz.uni-muenchen.de>
Mailing-List: list cpunx-news at yahoogroups.com; contact
cpunx-news-owner at yahoogroups.com
Date: Sat, 2 Mar 2002 22:50:01 +0100 (MET)
Subject: [cpunx-news] Crypto software to be included into main Debian
distribution
Reply-To: cpunx-news at yahoogroups.com


http://lists.debian.org/debian-mirrors/2002/debian-mirrors-200202/msg00001.html

To: debian-mirrors at lists.debian.org
Subject: WARNING: Crypto software to be included into main Debian distribution
From: James Troup <james at nocrew.org>
Date: 23 Feb 2002 06:49:03 +0000
In-reply-to: <87vgcoeo5l.fsf at tacitus.systems>
Mail-copies-to: never
Sender: James Troup <james at ruari-quinn.demon.co.uk>
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

Hi, Debian has recently received legal advice explaining how we can
include software with cryptographic functionality in our main archive.
This document can be found at
<URL:http://www.debian.org/legal/cryptoinmain>. In accordance with this
advice we plan to include cryptographic software in our main archive (at
some point after March 8th).  This will allow us to integrate security
software such as OpenSSH, SSL support, and many other enhancements into
our operating system. Since you are mirroring the Debian distribution you
may be wondering what impact, if any, this will have on you. Obviously you
will notice the new software entering the main archive.  If you mirror
non-US, you also may notice some software dropped from the non-US
distribution as it moves into main.  The primary concern however is likely
to be legal impact.  For mirrors outside the United States there should be
no new legal issues not present for those already mirroring non-US (and
accordingly the rest of the mail isn't relevant to you). The software in
Debian's main archive is all publicly available in the sense of section
740.13(e) of the US EAR.  This means that it can be exported from the
United States if Debian files export notification at the time of export.
According to the legal advice Debian received, mirrors do not need to send
in their own notifications.  Debian will send in a notification that
covers our master archive and any mirrors of that archive.  We will also
update this notification as we add software. BXA regulations require that
you not knowingly export to embargoed countries, as a show of good faith
you may wish to consider implementing a reverse IP lookup that identifies
the computer requesting the download, and that blocks downloads of the
cryptographic archive to countries embargoed by the United States: Cuba
(.cu), Iran (.ir), Iraq (.iq), Libya (.ly), North Korea (.kp), Syria
(.sy), Sudan (.sd) and Taliban Occupied Afghanistan.  In addition, you
might consider having a separate screen prior to download, that advises
the person downloading the software as follows:

   This software is subject to U.S. export controls applicable to open
   source software that includes encryption.  Debian has filed the
   notification with the Bureau of Export Administration and the
   National Security Agency that is required prior to export under the
   provisions of License Exception TSU of the U.S. Export
   Administration Regulations.  Consistent with the requirements of
   License Exception TSU, you represent and warrant that you are
   eligible to receive this software, that you are not located in a
   country subject to embargo by the United States, and that you will
   not use the software directly or indirectly in the design,
   development, stockpiling or use of nuclear, chemical or biological
   weapons or missiles.  Compiled binary code that is given away free
   of charge may be re-exported under the provisions of License
   Exception TSU.  However, additional technical review and other
   requirements may apply to commercial products incorporating this
   code, prior to export from the United States.  For additional
   information, please refer to www.bxa.doc.gov. If you have any questions
about this new policy, please let us know. NB: I am not a lawyer and this
mail is not legal advice. --
James [with thanks to Sam Hartman for the text]


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Tiny Wireless Camera under $80!
Order Now! FREE VCR Commander!
Click Here - Only 1 Day Left!
http://us.click.yahoo.com/nuyOHD/7.PDAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

To unsubscribe from this group, send an email to:
cpunx-news-unsubscribe at yahoogroups.com



Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list