cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: libcurl encryption dependencies

From: Sebastian Good <sebastian_at_palladiumconsulting.com>
Date: Wed, 6 Aug 2008 10:19:54 -0500

> Date: Tue, 5 Aug 2008 17:03:00 -0500
> From: "Ralph Mitchell" <ralphmitchell_at_gmail.com>
> Subject: Re: libcurl encryption dependencies
> To: "libcurl development" <curl-library_at_cool.haxx.se>
> Message-ID:
> <997a524e0808051503x14d26b55w1993858b1306add7_at_mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On Tue, Aug 5, 2008 at 4:29 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
>
> > On Tue, 5 Aug 2008, Sebastian Good wrote:
> >
> > We'd really love to use libcurl while still obeying (the very stupid)
US
> > Export compliance laws.
>
> I was asked a similar question recently about a monitoring system. I
> replied that I didn't think it included any encryption, and that it was
> really kinda stupid even to consider applying US Export laws to an Open
> Source product that can be freely downloaded from multiple sites around
the
> world and that originates in Denmark...

That is correct. An open source product like curl is available
for installation anywhere around the world and gets an
exemption (of sorts) from export control restrictions. Even the
US Government doesn't think there's anything to be gained by
telling US citizens they can't use what the rest of the world
can use. However, if you are _linking_ to and including libcurl
binaries within a new application which is not open source,
then you are potentially exporting a new product which must be
reviewed for export compliance. Just as silly? I think so.
Received on 2008-08-06