> > What I still don't understand is how, if all the legalities have
> > somehow remained the same, OpenBSD can make OpenSSH part of the
> > default 2.6 install (as they claim to) without causing a bunch of
> > people to break the law.
> 
> They can't.  But as far as I can tell, they don't really care.
> 
> They can't legally re-export cryptographic code that was originally
> from the U.S. from Canada, either (despite the advice they evidently
> got from a law student someone talked to in a bar!), and the people
> (some of them U.S. government employees and contractors, yet!) who 
> committed sundry crypto code to OpenBSD from the U.S. knowing full well 
> it'd be exported were playing with fire, too.  They don't seem to care
> about any of this, either, and if one points it out to them one is
> usually in line for a great deal of "INFIDEL!  THE EMPEROR IS WEARING
> *LOVELY* AND *STYLISH* CLOTHES!" type flamage.  Well, whatever.

Uh, pardons, what the hell are you talking about? As far as I have
been able to tell, OpenBSD does NOT take crypto commits from inside
the U.S. They distribute OpenSSH. U.S. installs link against RSAREF
(via OpenSSL). non-US installs do not link against RSAREF.

I also do not know where you get your information about re-exporting
crypto (I'm not aware of any of that that is done), but the law is
pretty clear on this: the only person responsible to ITAR is the
person who originally leaked the code from the U.S. OpenSSH is based
on code developed in Finland, it sure doesn't factor into this at all.

I'm not saying it would be possible for NetBSD to follow the same
practices, OpenBSD hamstrings itself by not accepting U.S. committers
to make an entirely-US free distribution, and I don't think NetBSD
would want to do that.

I do, however, wonder where you think you are coming from in regards
to legal issues in this matter. Can you name specific incidents,
please?

jeff

> Now, please note that I am certainly _not_ a lawyer, and I am not
> giving you (or anyone else) legal advice.  But I have talked to
> several lawyers about many of the specific points we've covered in
> this discussion, as have other NetBSD developers.  So perhaps this
> will give you some perspective on why we don't do some of the things
> OpenBSD does, though the world might be a nicer place if we were
> free to.