[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Wide Release (Re: PGPfone (BETA TEST) is released)
[email protected] said:
> > This indicates "Anonymous" is either making up everything from this
> point on, or has access to the machine other than normal anonymous
> FTP. The permissions on dist would prevent the CWD from happening.
> Actually, the permissions on dist prevent this from working at all.
> Wrong. The FTP daemon probably has a wrapper around it which checks
> where the call comes from. When it thinks you come from the U.S. or
> Canada, it probably starts up the FTP daemon in group 27, otherwise
> in the default anonymous group. The idea is nice, but you have to
> implement it correctly, of course.
You appear to be correct. I came in from a .net address, which MIT apparently
feels is non-US, and they would be correct about some .net's, but that's true
of .com and .edu as well.
I came in from a Multinational corporation in .com, and it let me in. :-)
> That's the dillema: if you export it, you are taking the
> risk they won't put up this kind of software for FTP the next time.
> If you don't, you are complying with these stupid laws... But
> anyway, with the present state of the MIT FTP server, PGPfone is
> likely to be all over the (non-US-and-Canada) place before the
> weekend is over.
But if people get it from MIT directly, then MIT is violating ITAR/DTR, and
its lawyers would be justified in shutting things down. If it's pulled down
by a US citizen, and then sent out, I don't see how MIT could be held
responsible for it.