httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <>
Subject Re: restructuring mod_ssl as an overlay
Date Wed, 07 Jun 2006 21:15:14 GMT

On 06/07/2006 10:03 PM, Roy T. Fielding wrote:
> After quite a bit of delving into the US export requirements for
> encryption-related software, I have found that we are able to
> distribute 100% open source packages with identifiable source code
> to anyone not in the banned set of countries.  However,

Some possible stupid questions from a person not familar with the US export
requirements. But I in order to contribute possible valuable feedback I need
some information :-).

Is all this stuff required because the

1. The ASF is an US based legal entity?
2. At least some of the ASF servers where you can download these packages
   are located in the US?

Next question:

Do we currently break US export requirements by providing mod_ssl within
the httpd source package or do we only get into trouble if we want to
provide a binary package that

1. Contains mod_ssl but *no* openssl.
2. Contains mod_ssl *and* openssl.

> Given those constraints, I would prefer to separate the httpd releases
> into a non-crypto package and a crypto overlay, similar to what most
> of the packaging redistributors do (fink, apt, etc.).

Given the fact that I live in a country where export laws regarding
crypto software are less strict than in the US I do not like the idea
of putting mod_ssl in a subproject as this seems to be inconvenient
for people like me. We had been in the situation where you had to grab
software from two sources to get an SSL enabled httpd (yes, I know mod_ssl
for 1.3 was no ASF project) and I was really happy that since 2.0
mod_ssl is provided out of the box within the httpd sources.
But I see that we have a problem here, so this point of view might be
a little selfish. I hope to get a better understanding of the problem
such that I can possibly propose a better proposal that does not require
to move mod_ssl to a subproject.



View raw message