cg@bofh.lake.de said:
This indicates "Anonymous" is either making up everything from this point on, or has access to the machine other than normal anonymous FTP. The permissions on dist would prevent the CWD from happening. Actually, the permissions on dist prevent this from working at all. Wrong. The FTP daemon probably has a wrapper around it which checks where the call comes from. When it thinks you come from the U.S. or Canada, it probably starts up the FTP daemon in group 27, otherwise in the default anonymous group. The idea is nice, but you have to implement it correctly, of course.
You appear to be correct. I came in from a .net address, which MIT apparently feels is non-US, and they would be correct about some .net's, but that's true of .com and .edu as well. I came in from a Multinational corporation in .com, and it let me in. :-)
That's the dillema: if you export it, you are taking the risk they won't put up this kind of software for FTP the next time. If you don't, you are complying with these stupid laws... But anyway, with the present state of the MIT FTP server, PGPfone is likely to be all over the (non-US-and-Canada) place before the weekend is over.
But if people get it from MIT directly, then MIT is violating ITAR/DTR, and its lawyers would be justified in shutting things down. If it's pulled down by a US citizen, and then sent out, I don't see how MIT could be held responsible for it. Bob