Title: UTM Malaysia invitation.
Title: UTM Malaysia invitation.
After quite a bit of delving into the US export requirements for
encryption-related software, I have found that we are able to
distribute 100% open source packages with identifiable source code
to anyone not in the banned set of countries. However,
a) we have to file export notices prior to
On Wed, Jun 07, 2006 at 01:03:48PM -0700, Roy T. Fielding wrote:
c) each redistributor (re-exporter) of our packages must do the same
[I am unsure if that means every mirror is supposed to file as
well, but for now I am guessing that they don't];
They don't :)
e) people who are in
Roy T. Fielding wrote:
Thoughts? Anyone have any better ideas?
+1 to an overlay; I know you have - but for the rest of the participants, also
consider that it 'illegal' to have crypto in some jurisdictions (and actually
if you are traveling to some jurisdictions it's best to leave your ssl
Colm MacCarthaigh wrote:
I think the best way to accomplish that is to separate mod_ssl into a
subproject that is capable of producing overlay releases for each
release of httpd.
yuck! -1
Before we take -any- action, we need to have one policy across the ASF.
Our research hopefully
On Jun 7, 2006, at 1:30 PM, Colm MacCarthaigh wrote:
e) people who are in the banned set of countries and people in
countries that forbid encryption cannot legally download the
current
httpd-2 packages because they include mod_ssl even when it won't be
used.
I don't see how this can
On Wed, Jun 07, 2006 at 03:53:51PM -0500, William A. Rowe, Jr. wrote:
Before we take -any- action, we need to have one policy across the ASF.
*shrug*, this is [EMAIL PROTECTED], so I'm going to stick to httpd specifically
for now, and that can feed in or not to any policy the ASF desires to
Roy T. Fielding wrote:
Okay, let me put it in a different way. The alternatives are
1) retain the status quo, forbid distributing ssl binaries, and include
in our documentation that people in banned countries are not allowed
to download httpd 2.x.
Acutally - I'm still looking for
On Wed, Jun 07, 2006 at 02:03:33PM -0700, Roy T. Fielding wrote:
The point is that they may want to download a web server which doesn't
have that problem, and right now they are limited to 1.3.x. I consider
Web servers to be something we would want people in those countries
to be able to
On 06/07/2006 10:53 PM, William A. Rowe, Jr. wrote:
There's another gray point, without OpenSSL, mod_ssl is a noop, that is,
it does no crypto. There is more crypto in mod_auth_digest, util_md5 or
in apr-util than there is in mod_ssl.
I think this is an excellent point regarding the
Ruediger Pluem wrote:
A complete different question: Does anybody know how mozilla.org handles
these kind
of problems with firefox?
They appear to have a brief overview of their trials and tribulations on
the subject here:
http://www.mozilla.org/crypto-faq.html
On Wed, Jun 07, 2006 at 02:51:12PM -0700, Cliff Schmidt wrote:
Here's the page that I've put together right now:
http://apache.org/dev/crypto.html. Unfortunately, it needs a little
more detail.
Thank you very much, that's already answered a few of my questions and
given me some good
So, I'm wondering how effective a liability shield it is for a US-based
corporation to export such content via non-US-based distributors. It
seems odd that this would work legally, but that SPI/Debian did it for
so long sparks my interest; maybe there is a path through.
I have no idea what the
On Jun 7, 2006, at 1:39 PM, William A. Rowe, Jr. wrote:
On the T-8 prohibited countries list, note it is a crime to export
technologies
to them (it's hard for the US to define a crime to obtain said
technologies in
a foreign jurisdiction - let's not get into that debate). However,
as a
On Wed, Jun 07, 2006 at 04:02:01PM -0700, Roy T. Fielding wrote:
we would have to provide our own copy of the distribution or include
the source code directly in our product, just to comply with EAR.
My preference is to not distribute OpenSSL.
+1
--
Colm MacCárthaigh
On Jun 7, 2006, at 3:02 PM, Colm MacCarthaigh wrote:
On Wed, Jun 07, 2006 at 02:51:12PM -0700, Cliff Schmidt wrote:
Here's the page that I've put together right now:
http://apache.org/dev/crypto.html. Unfortunately, it needs a little
more detail.
Thank you very much, that's already
On Wed, Jun 07, 2006 at 04:32:40PM -0700, Roy T. Fielding wrote:
We also cannot go to one of those countries and agitate for people
to download a copy of httpd and run their own web server
Who's we? Members of the ASF? Members of the PMC? committers?
developers?
I'd like to know. My Apache
On Jun 7, 2006, at 4:53 PM, Colm MacCarthaigh wrote:
On Wed, Jun 07, 2006 at 04:32:40PM -0700, Roy T. Fielding wrote:
We also cannot go to one of those countries and agitate for people
to download a copy of httpd and run their own web server
Who's we? Members of the ASF? Members of the PMC?
On Wed, Jun 07, 2006 at 06:58:27PM -0700, Roy T. Fielding wrote:
We is anyone representing the ASF. How (or who) would determine
that is anyone's guess.
eek. Who is burdened with that liability? I'm guessing it's the ASF as a
body corporate and possibly its directors personally.
If that's the
Title: Invitation from UTM Malaysia
APACHE 2.0 STATUS: -*-text-*-
Last modified at [$Date: 2006-05-01 08:57:25 -0400 (Mon, 01 May 2006) $]
The current version of this file can be found at:
* http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS
Documentation status is
APACHE 2.3 STATUS: -*-text-*-
Last modified at [$Date: 2006-05-31 15:34:37 -0400 (Wed, 31 May 2006) $]
The current version of this file can be found at:
* http://svn.apache.org/repos/asf/httpd/httpd/trunk/STATUS
Documentation status is maintained
23 matches
Mail list logo
