>From https://www.openbsd.org/cvsync.html
" IMPORTANT NOTE: There are a few issues relating to cryptographic
software that everyone should be aware of:
...
However, if you are outside the USA or Canada, you should not fetch
the cryptographic sections of the OpenBSD sources from a CVSync server
located in the USA. The files in question are...
src/kerberosIV/*
src/kerberosV/*
src/lib/libdes/*
src/lib/libc/crypt/crypt.c
src/lib/libc/crypt/morecrypt.c
src/sys/crypto
src/sys/netinet
src/usr.sbin/afs/src/rxkad/*
Because of the USA ITAR munitions list, crypto software may only be
exported to Canada from the USA."
generalising cvsync server to any version control software server, we
get:
"if you are outside the USA or Canada, you should not fetch the
cryptographic sections of the OpenBSD sources from **any
version control software** server located in the USA"
That would include github.com
so is using the combination (OpenBSD, GitHub, India) uncool (gulp
illegal)?
If illegal, this kind of sucks for me and my intern.
May be someone experienced in these matters could confirm/deny?
Thanks,
Dinesh
