[me, in response to a remark from Marc-André] What would be your suggestions? Would you prefer to go in the direction of my original proposal - only providing a SSL API, but not the implementation?
Yes, that's how the current SSL support works -- you need to link in openssl.
So, as long as there are no actual cryptographic algorithms in the Python source tree, but only hooks for OpenSSL, there's no problem?
That's what I believe the situation currently, for open source software. It wasn't always like this -- at some point, hooks were enough to need export permission. It may again be like this, if some uninformed US senators get their way...
If this is the case, then there would only be an issue for binary distributions of Python, which can be built easily in free countries :-)
Hm, but that's dangerous too -- someone could easily build an RPM that includes openssl without realizing it. --Guido van Rossum (home page: http://www.python.org/~guido/)