apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: Proposed Crypto Notification process
Date Sun, 02 Jul 2006 00:25:29 GMT

On 01.07.2006 11:03, Roy T. Fielding wrote:

> If we remove the patent-encumbered code from OpenSSL, then it isn't
> OpenSSL and we cannot distribute it or anything built from it under

I think we do not really *remove* this code, but just compile OpenSSL *without*
this code (via configure options). And so I guess this would be a difference.
But I guess there is an other problem for Windows: As I understood during the
BOF the OpenSSL version we intent to use for our binary distributions does
not build on Windows without applying patches to OpenSSL. This bug is fixed in
the upstream code of OpenSSL (maybe not in a stable release??).

> the TSU exception without distributing the source code exactly as built.
> That means we have to distribute the modified OpenSSL library as  something
> else *not* called OpenSSL (because otherwise we are violating the  OpenSSL
> license).  In any case, none of our users want a modified OpenSSL --  they
> can download the real thing on their own.  What we should be

Does OpenSSL provide Windows binaries?

> We have to understand that these regulations were not written for
> software developers.  They were written for people inspecting crates
> for things that blow people up.  The notice is for *our* product and
> we are only allowed to export *our* product if the entire product is
> available in source form at a single location where a customs inspector
> can choose to examine its totality for tiny little terrorists hidden
> between the 1s and 0s.  As dumb as it sounds, those are the rules.

Yes, this is the reaons, why the BOF was named "Weapons Of Mass Decryption" :-).



View raw message