[bible-linux] Re: [sword-devel] Sorry, I can't export sapphire.zip, but...

Darren O. Benham sword-devel@crosswire.org
Thu, 18 Nov 1999 12:52:50 -0800


On Thu, Nov 18, 1999 at 08:20:24PM +0000, Paul Gear wrote:
>
> I find this situation unacceptable for a few reasons:
Agreed...

> Hence i would recommend that:
> - the Sword libraries be changed to have Sapphire disabled by default.
or if not disabled by default... disableable....

> - investigation into alternative encryption technologies that are exportable
> and non-patent-encumbered begin as soon as possible.  (I'd be happy to do this
> once i've got a reasonably functional GNOME frontend for Sword going, although
> given my track record this could be a while ;-).  I've heard that
> Blowfish/Twofish are quite a good family of algorithms, and fit these
> criteria.  GNU Privacy Guard (GPG) could probably also be adapted for this
> purpose.
Unfortunately, that will be difficult to hard.  I know GnuPG and suspect
Blowfish/Twofish will be caught by the munitions export clause... better
would be finding a legal alternative that's being developed outside the US.

> What could happen if we don't do this:
> - Mike could get sued/jailed by the government for exporting his software.  I
> know you say you didn't do it, but how can you prove it?  Who is the govt.
> going to look at if they start asking questions?  Even if they can't pin the
> exporting of the software on you, they can probably still get you for not
> securing your software sufficiently.  (Obviously, you have some legal grounds
> for comebacks here, like arguing that once you've given it to another
> American, you have no control over what they do with the software.  However,
> it is still a legal minefield that you probably want to avoid.)
Another thought: the software itself could fall under the munitions
regulations.  Remember, software with even hooks can get caught.  Remember
when you downloaded Netscape.. you had to state in country or out.. one got
the crypto one didn't?  And when Netscape released Mozilla, they took out
all the crypto hooks for the same reason?  I don't know the particulars of
the law, so I say "could" but it's possible...

-- 
Please cc all mailing list replies to me, also.
=========================================================================
* http://benham.net/index.html        <gecko@benham.net>           <><  *
* -------------------- * -----------------------------------------------*
* Debian Developer, Debian Project Secretary, Debian Webmaster          *
* <gecko@debian.org> <secretary@debian.org> <lintian-maint@debian.org>  *
* <webmaster@debian.org> <gecko@fortunet.com> <webmaster@spi-inc.org>   *
=========================================================================
