While discussing the PSF contrib docs with Martin, we came across a possible violation of the US export regulations: According to the BXA web-site, all crypto code with more than 56 bit keys, has to be regsitered with the BXA. rotor uses 80 bit keys. Here's the application we would need to file: http://www.bxa.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html The various sections referenced in that document can be found here: http://w3.access.gpo.gov/bxa/ear/ear_data.html With the definition of terms at: http://w3.access.gpo.gov/bxa/ear/txt/772.txt and a chart of available license exceptions at (open source software is covered under TSU): http://www.bxa.doc.gov/Encryption/lechart1.html -- Marc-Andre Lemburg CEO eGenix.com Software GmbH ______________________________________________________________________ Company & Consulting: http://www.egenix.com/ Python Software: http://www.egenix.com/files/python/
"M.-A. Lemburg" wrote:
While discussing the PSF contrib docs with Martin, we came across a possible violation of the US export regulations:
According to the BXA web-site, all crypto code with more than 56 bit keys, has to be regsitered with the BXA. rotor uses 80 bit keys.
I believe this restriction was eased. Exemptions are listed here: http://www.bxa.doc.gov/Encryption/lechart1.html For open source software: License Exception: TSU-740.13 Country Scope: Global, may not knowingly export to the T-7 Reporting Requirements: No Restrictions: - Notification by time of export - Considered "publicly available" Neal
Neal Norwitz wrote:
"M.-A. Lemburg" wrote:
While discussing the PSF contrib docs with Martin, we came across a possible violation of the US export regulations:
According to the BXA web-site, all crypto code with more than 56 bit keys, has to be regsitered with the BXA. rotor uses 80 bit keys.
I believe this restriction was eased. Exemptions are listed here: http://www.bxa.doc.gov/Encryption/lechart1.html
For open source software:
License Exception: TSU-740.13 Country Scope: Global, may not knowingly export to the T-7 Reporting Requirements: No Restrictions: - Notification by time of export
Correct, but this notification may still be missing... the PSF should get this "fixed".
- Considered "publicly available"
-- Marc-Andre Lemburg CEO eGenix.com Software GmbH ______________________________________________________________________ Company & Consulting: http://www.egenix.com/ Python Software: http://www.egenix.com/files/python/
"M.-A. Lemburg" wrote:
Neal Norwitz wrote:
"M.-A. Lemburg" wrote:
While discussing the PSF contrib docs with Martin, we came across a possible violation of the US export regulations:
According to the BXA web-site, all crypto code with more than 56 bit keys, has to be regsitered with the BXA. rotor uses 80 bit keys.
I believe this restriction was eased. Exemptions are listed here: http://www.bxa.doc.gov/Encryption/lechart1.html
For open source software:
License Exception: TSU-740.13 Country Scope: Global, may not knowingly export to the T-7 Reporting Requirements: No Restrictions: - Notification by time of export
Correct, but this notification may still be missing... the PSF should get this "fixed".
The only thing I was able to find was that mail was supposed to be sent to: crypt@bxa.doc.gov. I don't know if this is correct or not. If anyone wants, I can send a message to them asking what needs to be done? Neal
Neal Norwitz <neal@metaslash.com> writes:
The only thing I was able to find was that mail was supposed to be sent to: crypt@bxa.doc.gov. I don't know if this is correct or not. If anyone wants, I can send a message to them asking what needs to be done?
Asking can't hurt. Regards, Martin
"Martin v. Loewis" wrote:
Neal Norwitz <neal@metaslash.com> writes:
The only thing I was able to find was that mail was supposed to be sent to: crypt@bxa.doc.gov. I don't know if this is correct or not. If anyone wants, I can send a message to them asking what needs to be done?
Asking can't hurt.
+1 -- Marc-Andre Lemburg CEO eGenix.com Software GmbH ______________________________________________________________________ Company & Consulting: http://www.egenix.com/ Python Software: http://www.egenix.com/files/python/
"Martin v. Loewis" wrote:
Neal Norwitz <neal@metaslash.com> writes:
The only thing I was able to find was that mail was supposed to be sent to: crypt@bxa.doc.gov.
Asking can't hurt.
But isn't it easier to get forgiveness than permission? :-) Greg Ewing, Computer Science Dept, +--------------------------------------+ University of Canterbury, | A citizen of NewZealandCorp, a | Christchurch, New Zealand | wholly-owned subsidiary of USA Inc. | greg@cosc.canterbury.ac.nz +--------------------------------------+
"M.-A. Lemburg" wrote:
While discussing the PSF contrib docs with Martin, we came across a possible violation of the US export regulations:
According to the BXA web-site, all crypto code with more than 56 bit keys, has to be regsitered with the BXA. rotor uses 80 bit keys.
I wrote:
The only thing I was able to find was that mail was supposed to be sent to: crypt@bxa.doc.gov. I don't know if this is correct or not. If anyone wants, I can send a message to them asking what needs to be done?
Asking can't hurt.
I take that back, sometimes it can. :-) I spoke with Lynn Griffin at the BXA about this subject. She said the only requirement is to fill out this form (I filled in some of the details): BEGIN FORM ---------- SUBJECT: ENC NOTIFICATION SUBMISSION TYPE: ENC SUBMITTED BY: SUBMITTED FOR: (company or person exporting the encryption item) POINT OF CONTACT: PHONE and/or FAX: MANUFACTURER: (if relevant) PRODUCT NAME/MODEL #: Python 2.2 ECCN: 5D002 NOTIFICATION: http://www.python.org http://python.org/ftp/python/2.2/ http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/python/python/dist/src/Module... -------- END FORM The instructions are available from: http://www.bxa.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html. The email should be sent to: crypt@bxa.doc.gov. She also recommended a disclaimer on the website that the software is exported under US Export laws and can't be exported to the 7-8 countries or other specifically prohibited individuals. It seems we should submit this form, but for whom? PSF? Who should be the point of contact? Neal
Neal Norwitz <neal@metaslash.com> writes:
It seems we should submit this form, but for whom? PSF? Who should be the point of contact?
Thanks for collecting this information. The entire discussion originated from the copyright assignment forms that the PSF wants to use in the future, so the PSF would also be the organization which "exports" Python, atleast from the sf.net and python.org copies. We'll discuss this in the upcoming Board meeting. Regards, Martin
Neal Norwitz wrote:
I spoke with Lynn Griffin at the BXA about this subject. She said the only requirement is to fill out this form (I filled in some of the details):
BEGIN FORM ---------- SUBJECT: ENC NOTIFICATION
SUBMISSION TYPE: ENC SUBMITTED BY: SUBMITTED FOR: (company or person exporting the encryption item) POINT OF CONTACT: PHONE and/or FAX: MANUFACTURER: (if relevant) PRODUCT NAME/MODEL #: Python 2.2 ECCN: 5D002 NOTIFICATION: http://www.python.org http://python.org/ftp/python/2.2/ http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/python/python/dist/src/Module... -------- END FORM
The instructions are available from: http://www.bxa.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html.
The email should be sent to: crypt@bxa.doc.gov.
She also recommended a disclaimer on the website that the software is exported under US Export laws and can't be exported to the 7-8 countries or other specifically prohibited individuals.
This part is interesting; we should add a note to all download pages on python.org (and also to the CVS checkout page). It's silly, but I guess we don't have a choice.
It seems we should submit this form, but for whom? PSF? Who should be the point of contact?
The PSF secretary (Jeremy) will submit the form. -- Marc-Andre Lemburg CEO eGenix.com Software GmbH ______________________________________________________________________ Company & Consulting: http://www.egenix.com/ Python Software: http://www.egenix.com/files/python/
participants (4)
-
Greg Ewing
-
M.-A. Lemburg
-
martin@v.loewis.de
-
Neal Norwitz