httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm MacCarthaigh <>
Subject Re: restructuring mod_ssl as an overlay
Date Wed, 07 Jun 2006 20:30:30 GMT
On Wed, Jun 07, 2006 at 01:03:48PM -0700, Roy T. Fielding wrote:
>   c) each redistributor (re-exporter) of our packages must do the same
>   [I am unsure if that means every mirror is supposed to file as
>   well, but for now I am guessing that they don't];

They don't :)

>   e) people who are in the banned set of countries and people in
>   countries that forbid encryption cannot legally download the current
>   httpd-2 packages because they include mod_ssl even when it won't be
>   used.

I don't see how this can possibly be the case. If crypto code is illegal
locally, then it is illegal locally and people need to figure that out
from themselves. If a person happens to live in a country which is on
the USA's banned list, there's nothing illegal (purely from their
perspective) about their act of download, US law does not apply to them. 

Surely the illegality is that the ASF exports the code to those
countries, and if anyone is answerable to those particular laws it is
any US-based exporter of the code. I just want to be clear about this
distinction, if it's correct.

Or is there a suggestion that the situation invalidates the user's
license? (contracts can be invalidated when a law is broken, but it's
complex stuff).

> I think the best way to accomplish that is to separate mod_ssl into a
> subproject that is capable of producing overlay releases for each
> release of httpd. 

yuck! -1

> Thoughts?  Anyone have any better ideas?

Is the mere legal registration of the ASF within US borders a solid
stumbling block here? As in, could the situation be remedied by
forbiding US-based distributors? (Similar to what Debian used to do with
it's non-US repositories).

Colm MacCárthaigh                        Public Key:

View raw message