Re: [pyOpenSSL] Windows Installers

[Zooko Wilcox-O'H. <zo...@zo...>]

On Tuesday,2009-08-04, at 12:04 , M.-A. Lemburg wrote:

> Whether export regulations are good or bad is not the question and  
> we're not the ones making the laws.

I'm a bit confused -- I never said anything about making laws.  I  
said that no open source programmer, as far as I can tell, is  
spending the time and effort to obey the laws, and that I approved.   
My advice to JP Calderone is to upload crypto to the Net without  
first notifying the US Bureau of Export Controls, and then see if he  
gets arrested.  That's what I've been doing -- http://pypi.python.org/ 
pypi/pycryptopp -- and I haven't gotten arrested yet.

> However, the PSF runs PyPI and as legal entity it has to follow the  
> rules whatever they are.

How does this impact JP Calderone's decision to upload or not upload  
pyOpenSSL?  If the PSF wants to make sure that all of the packages  
hosted on PyPI are legal, then they have a heck of a research job to  
do -- there are how many packages?  Tens of thousands?  And nobody  
from PSF has ever examined them for legality.  If the PSF wants all  
uploaders to first make sure that their uploads are legal, then they  
have a heck of a user education job to do, because currently it looks  
like dozens of people at least have uploaded crypto to PyPI, and I'm  
willing to bet not one of them has notified the BXA.

And, just to be clear, this makes me happy.  Not because I think that  
I'm the one making the laws, but because I think it is a good thing  
that this law is being widely violated.

Regards,

Zooko Wilcox-O'Hearn