[Pythonmac-SIG] Package Manager idea, adding a URL scheme

Bob Ippolito bob at redivi.com
Fri Oct 3 13:23:25 EDT 2003

On Friday, Oct 3, 2003, at 13:02 America/New_York, Michael Hudson wrote:

> Bob Ippolito <bob at redivi.com> writes:
>> On Friday, Oct 3, 2003, at 12:04 America/New_York, Michael Hudson 
>> wrote:
>> According to the homepage:
>> With the relaxing of US export controls for encryption software, it's
>> now possible to distribute cryptographic source code and export it
>> from the US, so now anyone in the world can download the Python
>> Cryptography Toolkit.
> OK, so that means it's legal for the authors of pyCrypto to "export"
> the software from the US -- that doesn't have a lot to do with whether
> it's legal for the person on the other end to use the software.
>> What are the remaining legal issues?  Can you point me to any
>> semi-recent threads?  I thought that since the laws were eased up in
>> the US it was pretty safe to throw around cryptography software.
> That only changed the situation in the US (and given where
> www.python.org *is* and how Python is developed... well, I don't
> understand it all).
> Here's the thread I was thinking of:
> http://mail.python.org/pipermail/python-dev/2003-April/034957.html
> Marc-Andre Lemburg's posts are the depressing ones.

That is really depressing.  Being a US citizen I don't generally think 
of or hear about other places having worse crypto laws than we do.  
Except for China, I guess, but these things are almost never involved 
in my normal thought processes.

Ok, so now that hopes are dashed on this front, how about PackMan 
whines every time you use it (which you can turn off from the UI, if 
you are in a country where using pycrypto would be illegal and you 
aren't interested in breaking any laws) until pycrypto is installed?  
This would be similar to how a web browser behaves when an SSL 
certificate is not trusted.

I have memories of using Perl's CPAN, and it whining about not having a 
lot of internet related modules when you used it on a fresh Perl 
installation.  One of the things it whined about was not having an md5 
module for testing the authenticity of packages.


