Subject: Re: [boost] Questions to help me determine export classification of Boost libraries
From: Andrey Semashev (andrey.semashev_at_[hidden])
Date: 2014-12-19 17:32:34
On Friday 19 December 2014 16:14:43 Ben Fritz wrote:
> I understand the concern. Before I came to the list I was given guidance
> that since the "vendor" of the libraries has not provided the ECCN that our
> company will need to come up with the ECCN on our own based on technical
> knowledge about the library. Unfortunately, I am not a developer of boost,
> only a user (and only indirectly at that) and therefore do not have that
> knowledge myself.
> I do not think it is unreasonable to answer the question, "does this
> library contain encryption software?"
Well, as simple as that question may sound at first, it may not be an easy one
to answer. You're asking if some part of Boost contains what is qualified as
"encryption software" by US law, while many of us are not US residents and I
would guess none of us is a lawyer either. Add to that the fact that there are
pieces of Boost that are effectively unmaintained, and noone can really vouch
for that code. BTW, my impression is that Boost.ASIO is currently one of such
mostly unmaintained parts.
If you want a definitive answer that your company will take legal
responsibility for, your best bet would be to perform an internal code review
with lawyer consultancy. IMHO, of course.