[Python-Dev] Cryptographic stuff for 2.3

M.-A. Lemburg mal@lemburg.com
Fri, 25 Apr 2003 08:42:11 +0200

Martin v. L=F6wis wrote:
> "M.-A. Lemburg" <mal@lemburg.com> writes:
>>Why do you only look at US export rules when discussing crypto
>>code in Python ?
> Because only exporting matters. Importing is no problem: You can
> easily *remove* stuff from the distribution, by creating a copy of
> package that doesn't have the code that cannot be imported. That would
> be the job of whoever wants to import it.
> Exporting also only matters from the servers which host the Python
> distribution, i.e. the US and the Netherlands.

That's really optimistic. Every CD vendor, mirror site, etc. in the
world hosting the Python distribution would have to go through the
business of evaluating whether it's legal to distribute Python or not
in their particular case.

Even better: users who download Python from some web-site/CD would
have to trace back the path the Python version took to be sure
that they are using a legally exported and imported version.

Crypto is just too much (legal) work if you're serious about it.

I also don't really see a problem here: there are plenty good
crypto packages out there ready to be used. Not having them in
the core distribution raises the awareness bar just a little to
make people think about whether it's legal to use them in
their particular case.

So again: why put the whole Python distribution at risk just
because you want to make life easier for the small share of
people actually using such code ?

Marc-Andre Lemburg

Professional Python Software directly from the Source  (#1, Apr 25 2003)
 >>> Python/Zope Products & Consulting ...         http://www.egenix.com/
 >>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
EuroPython 2003, Charleroi, Belgium:                        60 days left