Exporting applications that link to Kerberos

[Russ Allbery]

brlcad <brlcad at mac.com> writes:

> I have read the Kerberos FAQ and see that this is mostly an issue "up in
> the air" that should really be consulted with lawyers.  Unfortunately,
> our little distributed team of devs around the world doesn't really have
> the ability to do that easily, much less with our "budget".  So, of
> course, I'm hoping I can get some insight from you kind folk that hear
> this question much more often than I do.

Please note that this is not a legal opinion, but I've done a little bit
of research on this.

Basically, the current status looks like this:  If you're distributing
source code, or if you're distributing binaries accompanied by source
code, you're supposed to register your file servers with the government in
a letter but then you don't have to do anything else at all.  It's not
clear that anyone really even cares about the letter.

If you're distributing binaries, everything gets much murkier.  If you're
distributing closed-source software, you may well have to do the previous
export control dance and things get much more complicated.

So basically, if you do the source-accompanied free software thing, you
seem to mostly be able to not worry about it.

> While we wouldn't be distributing Kerberos sources for sure, there is
> the possibility that we would distribute, for example, dll's for the
> Windows folk that don't have a useable Kerberos library.

Ironically, the situation appears to actually be simpler if you're
distributing sources than if you're distributing only binaries.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>