[Owasp-Malaysia] The Curious Case of FOSS paid developer

Ang Chin Han ang.chin.han at gmail.com
Wed Dec 15 06:41:12 EST 2010


On Wed, Dec 15, 2010 at 6:34 PM, najmi.zabidi at gmail.com
<najmi.zabidi at gmail.com> wrote:
> According to this;
>
> http://marc.info/?l=openbsd-tech&m=129237675106730&w=2
>
> "We have never allowed US citizens or foreign citizens working in the US
> to hack on crypto code (Niels Provos used to make trips to Canada to
> develop OpenSSH for this reason), so direct interference in the crypto
> code is unlikely"
>
> Luckily Canada is just nearby north America, and I don't have to eat
> carrots and see my dentist in the other day.
>
> So much for a free country and "land of the brave". Better come here
> to Malaysia and have fun with us downloading movies.

?

Strong crypto (at that time) export was classifiable as weaponsin the
US. You really don't want your coders to get in trouble. Besides, that
policy is similar to not letting an Open Source project's code get
tainted by contributions from people who may inevitably contribute
tainted closed code.

Besides, "we never allowed" == "openbsd never allowed", not "X country
never allowed"

/me remembers tuning down the rsa key length just to be able to let
crypto-export restricted browsers to be able to connect to it.


More information about the Owasp-Malaysia mailing list