> I don't understand why US people can't be given access to the source
> tree.
Well they *can* be given access to the source tree, but the
idea, imo, is to make it easier to comply. That way a US person can't
have a modified version of the tree and then accidentally hit commit
and export something.
With respect to your point (a), that, in my opinion, is
incorrect. Contributing to the ASN1 engine is technical assistance in
the development of an encryption item.
With respect to 'proof' -- per my post regarding CYA -- I'm
going to propose some language which all contributors must agree to
which warrants that in contributing their contribution they are not
violating the cryptographic export restrictions of any jurisdictions
which apply to them.
>
> Is it because of a desire to "prove" that nobody from the US exported
> source code? Surely that's (a) too big a hammer (we can, e.g., con-
> tribute to the ASN1 engine); (b) probably not sufficient proof; and
> (c) starting down a slippery slope that OpenSSL really should avoid --
> setting up mechanisms to help "enforce" every participating country's
> crypto export rules?
>
> I totally agree that "writing documentation" should be foisted off to
> us whenever possible, freeing up those capable of doing crypto code to
> do so.
> /r$
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
--
[EMAIL PROTECTED] 510 291 2283
The BPM Group http://www.bpm.ai/~sameer/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
