[Python-Dev] Cryptographic stuff for 2.3 (original) (raw)

M.-A. Lemburg mal@lemburg.com
Fri, 25 Apr 2003 08:42:11 +0200

Martin v. L=F6wis wrote:

"M.-A. Lemburg" <mal@lemburg.com> writes: =20

Why do you only look at US export rules when discussing crypto code in Python ? =20 Because only exporting matters. Importing is no problem: You can easily remove stuff from the distribution, by creating a copy of package that doesn't have the code that cannot be imported. That would be the job of whoever wants to import it. =20 Exporting also only matters from the servers which host the Python distribution, i.e. the US and the Netherlands.

That's really optimistic. Every CD vendor, mirror site, etc. in the world hosting the Python distribution would have to go through the business of evaluating whether it's legal to distribute Python or not in their particular case.

Even better: users who download Python from some web-site/CD would have to trace back the path the Python version took to be sure that they are using a legally exported and imported version.

Crypto is just too much (legal) work if you're serious about it.

I also don't really see a problem here: there are plenty good crypto packages out there ready to be used. Not having them in the core distribution raises the awareness bar just a little to make people think about whether it's legal to use them in their particular case.

So again: why put the whole Python distribution at risk just because you want to make life easier for the small share of people actually using such code ?

--=20 Marc-Andre Lemburg eGenix.com

Professional Python Software directly from the Source (#1, Apr 25 2003)

Python/Zope Products & Consulting ... http://www.egenix.com/ mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/

EuroPython 2003, Charleroi, Belgium: 60 days left