[pyOpenSSL] Windows Installers

M.-A. Lemburg mal at egenix.com
Tue Aug 4 22:35:13 CEST 2009 

Zooko Wilcox-O'Hearn wrote:
> On Tuesday,2009-08-04, at 13:32 , M.-A. Lemburg wrote:
> 
>> You're missing the point: The PSF can get into trouble for making
>> crypto code available via their website without complying to existing
>> laws and regulations.
> 
> I'm sorry if I am being obtuse, but I really don't understand what this
> has to do with Jean-Paul's decisions.  You originally raised this issue
> when you wrote in an earlier mail:
> 
>> Note that uploading pyOpenSSL eggs to PyPI could result in legal
>> problems for the PSF due to export restrictions. I'm not sure that's
>> such a good idea. In any case, you'd have to let the PSF know in advance.
> 
> Do you have any specific reason to believe that this could result in
> legal problems for the PSF? 

Well, yes, otherwise I wouldn't have mentioned them: PyPI doesn't
restrict downloads from countries on the UN embargo list, nor does
it ask for compliance with export regulations.

> Your earlier note suggested that maybe PSF
> would be in the clear if the relevant laws about "software in the public
> domain" applied to open source software like pyOpenSSL, and if the
> Netherlands (which has jurisdiction over the PyPI servers) didn't have
> some other laws that we're unaware of which would make it illegal.  So
> as far as anyone has stated in this discussion, there is no reason to
> believe that it is a legal problem for the PSF.

I can't say whether there is a problem or not. The PSF will have
to ask a lawyer about these things and, of course, has to get a
chance to do so prior to accepting such uploads.

It's well possible that there is no problem, or that the PSF would
have to file a notice with the BIS to get things cleared for
open source releases like pyOpenSSL.

I'm not aware of a previous attempt to get this cleared up for
the PSF, so now is a good chance to get these questions sorted out.

eGenix has gone through a clearing procedure for our pyOpenSSL
distribution as well as our products using pyOpenSSL. The German
authorities gave us green light based on the GSN clause.

Things may be different in the US, though.

> And why would JP have to let the PSF know in advance?  Do you mean that
> he "ought" to let the PSF know in advance in order to be polite to them?

PyPI is a service provided by the PSF, so if you know that
an upload could cause trouble for the PSF, it's only fair
to inform them first.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Aug 04 2009)
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________

::: Try our new mxODBC.Connect Python Database Interface for free ! ::::


   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

More information about the pyopenssl-users mailing list