Message 115086 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	lemburg
Recipients	debatem1, docs@python, eric.araujo, lemburg, loewis
Date	2010-08-27.15:05:58
SpamBayes Score	0.0
Marked as misclassified	No
Message-id	<4C77D454.3020407@egenix.com>
In-reply-to	<4C77CE1D.5040200@v.loewis.de>

Content
Martin v. Löwis wrote: > > Martin v. Löwis <martin@v.loewis.de> added the comment: > >> Since we are not following those old-style BSD license requirements > > You state that is if it was a fact, which is it not. We, indeed, fully > comply with the license requirements. > >> The python.org site is full of references to OpenSSL. Most >> prominently in the documentation of the ssl and hashlib modules, >> but also in the release notes/news and other files. > > Sure, but this is not advertising material. It's technical documentation. Ask a lawyer :-) There's a reason why you get around 688.000 hits when searching for "This product includes cryptographic software written by Eric Young" on Google. Now try that search against www.python.org... not a single hit. >> So you'd rather have some users get in trouble for downloading >> and using crypto software, due import laws or domestic laws >> restricting its use in their country ? > > I don't believe that users actually will get into troubles for > downloading Python. If they would, a notice is likely not to have > any effect on that - if there is a real risk that users will get > into trouble, most likely, they know before downloading what > that trouble might be. Right now, they are downloading a file without knowing that they are in fact possibly importing crypto code. Even if they know that importing or using crypto code is illegal, they don't get the needed information from us to decide whether or not they want to proceed. And they don't get a choice to download an installer without crypto code either. This latter point may actually be a good way to make them aware without scaring anyone away: put two installers up on the page, one with OpenSSL, the other without OpenSSL and then let the users decide which one they want. > If you really wanted to post a notice telling people that doing illegal > things may cause problems, for all the illegal things that you can > do with Python, you'll end up with a long list. For example, Python > can be used to break into other computer systems (as can any programming > environment with a networking API) - should we now include a notice > saying > > "Python can be used to break into remote computers, using the network > services of Python. Please note that breaking into other computers > may not be legal in your country of residence. It is your responsibility > to make sure you meet all local import and use requirements for > networking code when downloading and using the Python Windows installers." > > I hope you agree that would be silly. Agreed, but that's not what I'm talking about :-)

Martin v. Löwis wrote:
> 
> Martin v. Löwis <martin@v.loewis.de> added the comment:
> 
>> Since we are not following those old-style BSD license requirements
> 
> You state that is if it was a fact, which is it not. We, indeed, fully
> comply with the license requirements.
>
>> The python.org site is full of references to OpenSSL. Most
>> prominently in the documentation of the ssl and hashlib modules,
>> but also in the release notes/news and other files.
> 
> Sure, but this is not advertising material. It's technical documentation.

Ask a lawyer :-)

There's a reason why you get around 688.000 hits when searching for
"This product includes cryptographic software written by Eric Young"
on Google.

Now try that search against www.python.org... not a single hit.

>> So you'd rather have some users get in trouble for downloading
>> and using crypto software, due import laws or domestic laws
>> restricting its use in their country ?
> 
> I don't believe that users actually will get into troubles for
> downloading Python. If they would, a notice is likely not to have
> any effect on that - if there is a real risk that users will get
> into trouble, most likely, they know before downloading what
> that trouble might be.

Right now, they are downloading a file without knowing that
they are in fact possibly importing crypto code. Even if they
know that importing or using crypto code is illegal, they
don't get the needed information from us to decide whether
or not they want to proceed.

And they don't get a choice to download an installer without
crypto code either.

This latter point may actually be a good way
to make them aware without scaring anyone away: put two installers
up on the page, one with OpenSSL, the other without OpenSSL and
then let the users decide which one they want.

> If you really wanted to post a notice telling people that doing illegal
> things may cause problems, for all the illegal things that you can
> do with Python, you'll end up with a long list. For example, Python
> can be used to break into other computer systems (as can any programming
> environment with a networking API) - should we now include a notice
> saying
> 
> "Python can be used to break into remote computers, using the network
> services of Python. Please note that breaking into other computers
> may not be legal in your country of residence. It is your responsibility
> to make sure you meet all local import and use requirements for
> networking code when downloading and using the Python Windows installers."
> 
> I hope you agree that would be silly.

Agreed, but that's not what I'm talking about :-)

History
Date	User	Action	Args
2010-08-27 15:06:01	lemburg	set	recipients: + lemburg, loewis, eric.araujo, debatem1, docs@python
2010-08-27 15:05:58	lemburg	link	issue9119 messages
2010-08-27 15:05:58	lemburg	create