[Fedora-packaging] crypto in fedora

[Stephen John Smoogen]

On Wed, Mar 19, 2008 at 4:13 PM, Patrice Dumas <pertusus at free.fr> wrote:
> Hello,
>
>  Recently the issue of crypto and crypto export in fedora/EPEL was raised
>  about beecrypt. This is something that has never been discussed as far
>  as I remember. It should of course be checked with legal.
>
>  My question is, does crypto software need a specific treatement in
>  fedora? (And if yes, what is a crypto software?)
>

As far as I know crypto has always needed special treatment in Fedora.
Most encryption software is considered 'controlled' for export by
several nations (I think United States, France, Russia, China, etc).
What Red Hat has to do is fill out paperwork with the United States
Commerce department whenever new software with encryption is added to
Fedora or RHEL. This paperwork is on file and then allows various
mirrors to get the software though if inside the US they are required
to put up a listing like:

230-Due to U.S. Exports Regulations, all cryptographic software on this
230-site is subject to the following legal notice:
230-
230-    This site includes publicly available encryption source code
230-    which, together with object code resulting from the compiling of
230-    publicly available source code, may be exported from the United
230-    States under License Exception "TSU" pursuant to 15 C.F.R. Section
230-    740.13(e).
230-
230-This legal notice applies to cryptographic software only.  Please see
230-the Bureau of Export Administration (http://www.bxa.doc.gov/) for more
230-information about current U.S. regulations.

like mirrors.kernel.org. I have been told that similar rules are in
place for other countries dealing with encryption.






-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"