[Pythonmac-SIG] Package Manager idea, adding a URL scheme

Michael Hudson mwh at python.net
Fri Oct 3 13:02:40 EDT 2003

Bob Ippolito <bob at redivi.com> writes:

> On Friday, Oct 3, 2003, at 12:04 America/New_York, Michael Hudson wrote:
>> There are ghastly legal issues that obstruct crypto support (there
>> have been threads on python-dev about this) and there's also a code
>> quality/ease of maintenence issue about pyCrypto itself (I have no
>> idea about it in this regard).
> According to the homepage:
> With the relaxing of US export controls for encryption software, it's
> now possible to distribute cryptographic source code and export it
> from the US, so now anyone in the world can download the Python
> Cryptography Toolkit.

OK, so that means it's legal for the authors of pyCrypto to "export"
the software from the US -- that doesn't have a lot to do with whether
it's legal for the person on the other end to use the software.

> What are the remaining legal issues?  Can you point me to any
> semi-recent threads?  I thought that since the laws were eased up in
> the US it was pretty safe to throw around cryptography software.

That only changed the situation in the US (and given where
www.python.org *is* and how Python is developed... well, I don't
understand it all).

Here's the thread I was thinking of:


Marc-Andre Lemburg's posts are the depressing ones.

> Note that the intended use for PackMan isn't cryptography per se, it's
> cryptographic authentication.  The documents themselves won't be
> encrypted, but will be signed cryptographically for authentication
> purposes only.

This *might* make a difference (but only if pyCrypto can be sliced up
so that you can distribute a portion that can only do authentication).

Given that RSA is easily (if not efficiently) implementable in Python,
I share your probably opinion that this is all a pile of poo -- but I
didn't write the world's laws.

> As for code quality / ease of maintenance, a cursory glance of the
> source code makes me think that it looks clean, commented where it
> matters, and it's got unit tests that are less than trivial. 

This doesn't seem to be a problem, then.


  Just put the user directories on a 486 with deadrat7.1 and turn the
  Octane into the afforementioned beer fridge and keep it in your
  office. The lusers won't notice the difference, except that you're
  more cheery during office hours.              -- Pim van Riezen, asr

More information about the Pythonmac-SIG mailing list