Definitely.
>It's absolutely right though, that according to the ammunition law of the US,
>the im- and export of DES encryption software, or DES encrypted data is
>illegal, unless you have a good reason and a permit to do so. Building it in
>the kernel isn't a problem, sending it to people in Europe isn't a problem
>either, but people from the US, and Linus himself, would be prosecutable if
>anyone downloaded that kernel that resides in the US. (Completely
>moronic laws? Yes.. But it is no different)
You have it almost right.
Export of _any_ encryption algorithm (not just DES) from the US to
anywhere (except Canada?) is illegal without the proper permits.
AFAIK Importation is fine for any algorithm.
Sending it to people in Europe from inside the US _is_ export, and
therefore illegal. Sending it to people inside the US from anywhere
in the world is perfectly legal according to US law.
Sending anything from outside the US to outside the US is not
regulated by the US, though I'm sure the government here would like
to be able to do that.
Note that E-mailing it from one machine outside the US to another
outside the US _might_ utilize communication lines that pass through
the US, and therefore be technically illegal, though how anyone would
find out without monitoring every line that might carry said traffic
is beyond me.
I don't think Linus would be liable, since he's just the original
author. The archive maintainers would be liable, though. Or whoever
mailed it.
CAVEAT: I'm not a lawyer. My understanding of this issue is mostly
based on the web pages at the EFF (somewhere at http://www.eff.org).
-- Lewis Tanzos - lewis@ds9.lesn.lehigh.edu - lewis@tulgey.com