[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Debian Shishi integration: GSS-API library

From: Russ Allbery
Subject: Re: Debian Shishi integration: GSS-API library
Date: Wed, 31 May 2006 12:07:10 -0700
User-agent: Gnus/5.110004 (No Gnus v0.4) XEmacs/21.4.18 (linux)

Simon Josefsson <address@hidden> writes:

> Supporting this meta-GSS-library approach has been the goal of my GSS
> library, but I've noticed that there is another library with a similar
> goal that is in the Debian NEW queue, libgssapi from
> <>.

> I haven't looked at it in detail though, so I'm not sure it actually
> implements this the way I thought it would.

Yeah, this was packaged by the NFSv4 folks.  I'm not sure if it would work
or not, but if it does, it's probably going to get fairly general
acceptance.  Working with them to make it work may be the path of least
resistance to get everyone to rebuild their packages.

As the maintainer of a few packages that use GSS-API, I'm interested, and
it would also make maintaining Cyrus SASL significantly easier.

> There is also a license issue, the libgssapi stuff seem to require
> export permissions from the USG to be exported from to U.S., and I'm not
> sure if that permissions is granted for exports anywhere, which I would
> have a problem with.  If that is the case, I'd prefer to improve my GSS
> library to make it implement this approach.

The export restrictions apply to any code that contains cryptographic
code, including the software that you yourself have written if it's
brought into the US and then exported again.  In other words, this isn't a
property of the license on the package, but rather a property of US law
that those of us in the US have to deal with and that applies to all
packages equally.

Thankfully, due largely to the legal work of Dan Bernstein, the US
government has a blanket exception for all free software that they wrote
into the rules when in imminent danger of losing a Supreme Court free
speech decision.  So as long as the software is released with source, it's
generally not an issue.

Debian takes care of all registration requirements for US government
export regulations internally, so one doesn't have to worry about this for
Debian packages.

Russ Allbery (address@hidden)             <>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]