"E. Jay Berkenbilt" <[EMAIL PROTECTED]> wrote: >[I'm not currently subscribed to this list, so please cc me on responses.]
Done. >After about September 20, the RSA patent has expired in the USA. >Also, earlier this year, the USA finally relaxed its export laws >concerning encryption software. (There are still some places where >you can't export encryption, but it's not nearly as bad as it once >was.) > >With this change, there have been a number of positive developments in >the open-source world. For example, gnupg 1.0.3 now supports RSA. >Also, RedHat 7.0 includes stunnel, openssl, openssh, apache's mod_ssl, >an ssl-aware smbclient, and perhaps other software that uses the RSA >algorithm, and since 6.2, Kerberos, gnupg, and the 128-bit version of >Netscape have been included. > >As far as I can tell, Debian has not moved any of these things out of >non-free/non-US even for the unstable distribution. gnupg recently (1 October) included RSA and replaced the non-free module. Netscape has had 128-bit encryption since 29 May, and that version is in the stable release. ssh's RSA modules are still in non-US/non-free as far as I know; a bug should probably be filed. Is it much of a problem? I understood that there were equally good, if not better, free alternatives ... With respect to non-US, there has been some discussion about this, but it's expired from my news server and I don't feel like going to look it up. :) IIRC it wasn't quite clear what to do; is Debian happy with registering all its encryption code, for instance (as I seem to remember the new regulations require, but correct me if I'm wrong)? Also, I don't know how much it would matter. The biggest problem with non-US is that US developers can't work on it, which is certainly not good, but it doesn't impact users directly as US and non-US users alike can download from non-US. Of course, the more that can be moved into main, the better. Have a look through the debian-devel and debian-policy archives (possibly debian-project too) from a few months ago at <URL:http://lists.debian.org/>. debian-user tends mostly to be question-and-answer, while discussion about work on Debian is more likely to happen on the developer-oriented mailing lists. >For what it's worth, I'm brand new to Debian (just trying it this >weekend for the first time) but I've been using Linux since 1992 and >UNIX in general since 1987, In that case, welcome to Debian! -- Colin Watson [EMAIL PROTECTED]