[Python-Dev] Cryptographic stuff for 2.3

"Martin v. L÷wis" martin@v.loewis.de
Fri, 25 Apr 2003 09:01:18 +0200

M.-A. Lemburg wrote:

> That's really optimistic. Every CD vendor, mirror site, etc. in the
> world hosting the Python distribution would have to go through the
> business of evaluating whether it's legal to distribute Python or not
> in their particular case.

Every CD vendor, mirror site, etc. would have to perform a risk 
analysis, yes. That goes beyond analysing the legal status only - people 
will usually also take into account what the risk of prosecution is.
They already do that for all other software they distribute, and 
apparently come to the conclusion that the risk of being prosecuted is 
nearly zero.

> Crypto is just too much (legal) work if you're serious about it.

So then you would advise to remove the OpenSSL support from the Windows 
distribution, and from Python altogether?

Because if not, why would it be bad to add more cryptographic packages 
to the standard Python distribution? Either you violate some law in some 
country already by distributing Python from A to B, or you don't. Adding 
another package doesn't change anything here.

> I also don't really see a problem here: there are plenty good
> crypto packages out there ready to be used. 

And it may be indeed the case that authors of such package fear the loss 
of reputation if competing packages were included into the Python 
distribution :-(