[pycrypto] Policy changes - Now accepting patches from the U.S.
Dwayne C. Litzenberger
dlitz at dlitz.net
Tue Nov 30 07:08:37 CST 2010
On Tue, Nov 30, 2010 at 06:49:17AM -0500, Paul Koning wrote:
>In this case, it seems to me you're changing PyCrypto from a project that
>is NOT "subject to the EAL" (the U.S. Export regulations) to one that is.
>Are you sure you want to do that?
No, I'm not sure, really. All of your concerns are valid.
However, PyCrypto is stagnating, and I think it's partly due to the
no-US-origin policy that I had adopted. Instead of having a lot of people
contributing to PyCrypto, we have a lot of people asking for things on the
mailing list, but not contributing because I've told them that they can't.
If PyCrypto had been getting the contributions it needs from outside the
US, I would have maintained the old policy.
Also, I've always *acted* as if the US rules applied to PyCrypto, even
though I strongly suspect that they don't, because I've never been sure
enough about it to be confident in completely ignoring the US rules. This
has put me into the bizarre situation of following the US rules, but not
accepting US contributions.
In any case, there's no reason to panic. Because of the way the
regulations work, the US rules don't automatically apply just because there
are 10 lines of US-origin code in PyCrypto. It's some weird rule like
"over 50% of the value of the export", so if the people who are concerned
about this policy change can garner the necessary non-US contributions so
that they clearly overwhelm US contributions, please do so. It shouldn't
be impossible: there have been very, very few people contributing to
PyCrypto lately. (Thank you to those people!)
As for the actual regulations, from my perspective, the current Canadian
and American rules aren't that different from each other, as far as
software "in the public domain" is concerned. Both countries maintain
lists of countries that you can't deliberately export to, and the US
additionally requires a one-time "TSU NOTIFICATION" email.
Sigh. I just wish crypto would get dropped from Wassenaar so that we could
stop having these useless conversations. I can dream...
Dwayne C. Litzenberger <dlitz at dlitz.net>
OpenPGP: 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7