On Wed, Mar 19, 2008 at 4:13 PM, Patrice Dumas <pertusus@xxxxxxx> wrote: > Hello, > > Recently the issue of crypto and crypto export in fedora/EPEL was raised > about beecrypt. This is something that has never been discussed as far > as I remember. It should of course be checked with legal. > > My question is, does crypto software need a specific treatement in > fedora? (And if yes, what is a crypto software?) > As far as I know crypto has always needed special treatment in Fedora. Most encryption software is considered 'controlled' for export by several nations (I think United States, France, Russia, China, etc). What Red Hat has to do is fill out paperwork with the United States Commerce department whenever new software with encryption is added to Fedora or RHEL. This paperwork is on file and then allows various mirrors to get the software though if inside the US they are required to put up a listing like: 230-Due to U.S. Exports Regulations, all cryptographic software on this 230-site is subject to the following legal notice: 230- 230- This site includes publicly available encryption source code 230- which, together with object code resulting from the compiling of 230- publicly available source code, may be exported from the United 230- States under License Exception "TSU" pursuant to 15 C.F.R. Section 230- 740.13(e). 230- 230-This legal notice applies to cryptographic software only. Please see 230-the Bureau of Export Administration (http://www.bxa.doc.gov/) for more 230-information about current U.S. regulations. like mirrors.kernel.org. I have been told that similar rules are in place for other countries dealing with encryption. -- Stephen J Smoogen. -- CSIRT/Linux System Administrator How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" -- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging
