[WBEL-users] Hello everybody!!!

Jimmy Kaplowitz jimmy@kaplowitz.org
Thu, 11 Dec 2003 19:47:55 -0500


On Thu, Dec 11, 2003 at 04:20:50PM -0800, Ed wrote:
> IANAL.  But I think that you have to inform the US Bureau of Export
> Administration with the location of the files that have
> encryption.  This from http://www.rsasecurity.com/rsalabs/faq/6-4.html
> and it looks like the Bureau web site is http://www.bxa.doc.gov/
> I'm wading through their "guides" but most of it is confusing to
> me.  What does Debian do?  We'd probably be in a similar situation.

For quite a while, Debian simply made sure to keep all its encryption
software (e.g., OpenSSL) and all its software with hooks to encryption
(e.g., SSL-enabled wget) on its non-US ftp server and non-US mirrors
only.  Therefore it wasn't a problem. Eventually Debian decided that it
wanted to put crypto in the main Debian distribution, which goes on the
Official Debian CD images and on all the US sites that distribute Debian
online. They got a legal opinion (I believe the lawyer fee was paid by
HP), which detailed what steps they would have to take in order to do
this legally.

You can read the legal opinion, as well as the text of the notifications
that are sent to the US government, online at
http://www.debian.org/legal . Obviously only a lawyer can tell you if
the same issues apply to WBEL or not, but they might. My non-lawyer
guess would be that, as long as we're distributing packages built from
RHEL SRPMS, we don't need to do this, since Red Hat has almost certainly
already done so. John Morris should read that opinion carefully and then
make a decision as to what steps WBEL needs to take, if any, to be in
compliance. Mirror maintainers should also make sure they're comfortable
with whatever is or is not done about this.

> Is anyone else interested or planning on using apt with whitebox?
> I'll probably end up recompiling a bunch of programming, scientific,
> and math software for whitebox anyway, and if someone here would find
> that useful we can work on it together.  Even something as simple
> as providing an apt-get mirror would help if there's a bunch of
> apt users.

Given that I have more experience with Debian than with Red Hat, I am
more familiar with apt than with yum or up2date. I remember trying and
failing to do the equivalents of apt-cache show or apt-cache search with
yum or up2date (might have been related to the missing header.info files
on mirrors). I would also love to be able to use the powerful search
abilities of grep-dctrl, and also to work on porting the great apt
frontend aptitude to work with WBEL (if any porting is even needed). In
short, yes, I at least am interested in this.

(If anyone wants an explanation of the features I like in apt and
aptitude, just ask and I'll give one. Otherwise, I'll avoid a potential
apt-vs-yum-vs-up2date flamewar, especially since I am not nearly as
familiar with yum and up2date as I am with apt.)

- Jimmy Kaplowitz
jimmy@kaplowitz.org / jimmy@debian.org
