Marc-Andre Lemburg <mal@egenix.com> added the comment: Martin v. Löwis wrote:
Martin v. Löwis <martin@v.loewis.de> added the comment:
Since we are not following those old-style BSD license requirements
You state that is if it was a fact, which is it not. We, indeed, fully comply with the license requirements.
The python.org site is full of references to OpenSSL. Most prominently in the documentation of the ssl and hashlib modules, but also in the release notes/news and other files.
Sure, but this is not advertising material. It's technical documentation.
Ask a lawyer :-) There's a reason why you get around 688.000 hits when searching for "This product includes cryptographic software written by Eric Young" on Google. Now try that search against www.python.org... not a single hit.
So you'd rather have some users get in trouble for downloading and using crypto software, due import laws or domestic laws restricting its use in their country ?
I don't believe that users actually will get into troubles for downloading Python. If they would, a notice is likely not to have any effect on that - if there is a real risk that users will get into trouble, most likely, they know before downloading what that trouble might be.
Right now, they are downloading a file without knowing that they are in fact possibly importing crypto code. Even if they know that importing or using crypto code is illegal, they don't get the needed information from us to decide whether or not they want to proceed. And they don't get a choice to download an installer without crypto code either. This latter point may actually be a good way to make them aware without scaring anyone away: put two installers up on the page, one with OpenSSL, the other without OpenSSL and then let the users decide which one they want.
If you really wanted to post a notice telling people that doing illegal things may cause problems, for all the illegal things that you can do with Python, you'll end up with a long list. For example, Python can be used to break into other computer systems (as can any programming environment with a networking API) - should we now include a notice saying
"Python can be used to break into remote computers, using the network services of Python. Please note that breaking into other computers may not be legal in your country of residence. It is your responsibility to make sure you meet all local import and use requirements for networking code when downloading and using the Python Windows installers."
I hope you agree that would be silly.
Agreed, but that's not what I'm talking about :-) ---------- _______________________________________ Python tracker <report@bugs.python.org> <http://bugs.python.org/issue9119> _______________________________________