On Sun, Apr 30, 2006 at 12:55:58PM -0700, Bob Palowoda wrote:
> I've heard discussions in the past about they types of security
> encryption libs and their verious laws and regulations of
> redistribution. Is the Companin CD going to be distributed
> with the US and is subject to any of these rules? If so
We'd like the Companion to be distributed via the Internet (a la
Blastwave, Debian, Gentoo, and, well, everyone else). That's already
the case via sun.com, but clearly the distribution system there is
pretty primitive, and it would be better to use opensolaris.org. So
yes, of course it's to be made available to people in the US, and to
anyone anywhere.
> we can import stronger encryption from and external
> US site and it would be an advantage for the distribution
> site (and application that updates the software) to
> automaticlly download these types of encryption libs.
A few thoughts:
Most of the interesting crypto support is already in ON and is exposed
via openssl and friends. This is available today, as open source, in
full strength. In general, Companion software should utilize these
existing libraries to take advantage of hardware acceleration and
other improvements rather than providing their own algorithm
implementations.
If there's a desire to include software (for example, a hypothetical
component that provides algorithms not already available in ON) for
which distribution in some countries may be restricted, the existing
disclaimer[0] in the READMEs on opensolaris.org will probably be
sufficient in most if not all cases. Restrictions on distributing
open source crypto implementations from US sites have been relaxed
somewhat in recent years.
Finally, if for some reason Sun's lawyers tell us that some particular
piece of software can't be distributed from opensolaris.org because of
cryptography restrictions, we need a mechanism for Companion users to
transparently obtain the software from arbitrary non-Sun sites
instead. This may take a form similar to the well-known
non-us.debian.org. In any case, we need this feature in the
distribution mechanism regardless of whether any cryptographic
software is included: we'd like to be able to make highly useful
software like libdvdcss available seamlessly, even though Sun's
lawyers would never allow a Sun site to distribute it. Indeed, many
site owners would be unwilling to host such software, but it should
nevertheless be easy for Companion users to obtain it from those
willing to offer it.
[0] For example, see the top of
http://www.opensolaris.org/os/downloads/on/.
--
Keith M Wesolowski "Sir, we're surrounded!"
Solaris Kernel Team "Excellent; we can attack in any direction!"
