"M.-A. Lemburg" wrote:

Neal Norwitz wrote:

...

"M.-A. Lemburg" wrote:

...

While discussing the PSF contrib docs with Martin, we came across a possible violation of the US export regulations:

According to the BXA web-site, all crypto code with more than 56 bit keys, has to be regsitered with the BXA. rotor uses 80 bit keys.

I believe this restriction was eased. Exemptions are listed here: http://www.bxa.doc.gov/Encryption/lechart1.html

For open source software:

License Exception: TSU-740.13 Country Scope: Global, may not knowingly export to the T-7 Reporting Requirements: No Restrictions: - Notification by time of export

Correct, but this notification may still be missing... the PSF should get this "fixed".

The only thing I was able to find was that mail was supposed to be sent to: crypt@bxa.doc.gov. I don't know if this is correct or not. If anyone wants, I can send a message to them asking what needs to be done? Neal

"Martin v. Loewis" wrote:

Neal Norwitz writes:

...

The only thing I was able to find was that mail was supposed to be sent to: crypt@bxa.doc.gov. I don't know if this is correct or not. If anyone wants, I can send a message to them asking what needs to be done?

Asking can't hurt.

+1 -- Marc-Andre Lemburg CEO eGenix.com Software GmbH ______________________________________________________________________ Company & Consulting: http://www.egenix.com/ Python Software: http://www.egenix.com/files/python/

"M.-A. Lemburg" wrote:

While discussing the PSF contrib docs with Martin, we came across a possible violation of the US export regulations:

According to the BXA web-site, all crypto code with more than 56 bit keys, has to be regsitered with the BXA. rotor uses 80 bit keys.

...

I wrote:

...

The only thing I was able to find was that mail was supposed to be sent to: crypt@bxa.doc.gov. I don't know if this is correct or not. If anyone wants, I can send a message to them asking what needs to be done?

Asking can't hurt.

I take that back, sometimes it can. :-) I spoke with Lynn Griffin at the BXA about this subject. She said the only requirement is to fill out this form (I filled in some of the details): BEGIN FORM ---------- SUBJECT: ENC NOTIFICATION SUBMISSION TYPE: ENC SUBMITTED BY: SUBMITTED FOR: (company or person exporting the encryption item) POINT OF CONTACT: PHONE and/or FAX: MANUFACTURER: (if relevant) PRODUCT NAME/MODEL #: Python 2.2 ECCN: 5D002 NOTIFICATION: http://www.python.org http://python.org/ftp/python/2.2/ http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/python/python/dist/src/Module... -------- END FORM The instructions are available from: http://www.bxa.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html. The email should be sent to: crypt@bxa.doc.gov. She also recommended a disclaimer on the website that the software is exported under US Export laws and can't be exported to the 7-8 countries or other specifically prohibited individuals. It seems we should submit this form, but for whom? PSF? Who should be the point of contact? Neal

Neal Norwitz wrote:

I spoke with Lynn Griffin at the BXA about this subject. She said the only requirement is to fill out this form (I filled in some of the details):

BEGIN FORM ---------- SUBJECT: ENC NOTIFICATION

SUBMISSION TYPE: ENC SUBMITTED BY: SUBMITTED FOR: (company or person exporting the encryption item) POINT OF CONTACT: PHONE and/or FAX: MANUFACTURER: (if relevant) PRODUCT NAME/MODEL #: Python 2.2 ECCN: 5D002 NOTIFICATION: http://www.python.org http://python.org/ftp/python/2.2/ http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/python/python/dist/src/Module... -------- END FORM

The instructions are available from: http://www.bxa.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html.

The email should be sent to: crypt@bxa.doc.gov.

She also recommended a disclaimer on the website that the software is exported under US Export laws and can't be exported to the 7-8 countries or other specifically prohibited individuals.

This part is interesting; we should add a note to all download pages on python.org (and also to the CVS checkout page). It's silly, but I guess we don't have a choice.

It seems we should submit this form, but for whom? PSF? Who should be the point of contact?

The PSF secretary (Jeremy) will submit the form. -- Marc-Andre Lemburg CEO eGenix.com Software GmbH ______________________________________________________________________ Company & Consulting: http://www.egenix.com/ Python Software: http://www.egenix.com/files/python/