From: Geoff Thorpe <[EMAIL PROTECTED]>

geoff> Well, the opinion that has already been obtained, and the
geoff> members of the development team that obtained and discussed it,
geoff> seemed to indicate that the situation was not yet "all clear".

True.  The item of unclarity seems to be around "taintedness".  It has
apparently been shown that the BXA (Bureau of Export Administration)
has been somewhat inconsistent in its application of the current
export regulations, but the heaviest point is that we can't seem to
get any guarantee against effects of future changes of those same
regulations.  A conclusion has been that it's "quite unlikely" that
OpenSSL would be tainted.  Unfortunately, some of us feel that "quite
unlikely" is not unlikely enough, if I understand correctly.

The meaning of "tainted" in this case means that a change in US export
regulations may make the US-originated changes in OpenSSL illegal in
some sense, and may therefore force us to remove them (which will most
certainly be a pain in the ass to do).

My personal opinion is that the danger is not great enough to avoid US
code.  However, I like playing with OpenSSL too damn much to bypass
all the other members on this issue.  It would cause a split in the
team, and I can hardly see that being a good thing.  If you wish, you
might want to call this a very long explanation for the word "loyalty"
:-).

For the reasons above, I have released OCSP patches (given to me by
CertCo, a US company) for OpenSSL as a separate package, released
separately from another site.  I'm willing to take the risks involved,
if there are any, except to "taint" OpenSSL itself.

Ben could probably give a better comment, as I think he understands
English legalese a bit better than I do...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \      SWEDEN       \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
