SecDriver 1.1 versus 1.2

[Hal]

Aside from the technical differences between the two packages, I think
the more significant difference is in the distribution.  Edgar's 1.2
documentation encourages users to put the package up for FTP, while
Mike's 1.0 (and, I presume, 1.1) docs ask that this not be done.

Mike wants to protect himself against a PGP-style investigation into
export of software.  But if 1.2 is put up for FTP, it could conceivably
lead to such an investigation.  And Mike would presumably be a
potential target.

This is a confusing situation.  What rights does Mike have to control a
derivative product like 1.2, given that he is releasing it under the
Gnu Public License?

Maybe the GPL is not appropriate for the release of crypto software, at
least if the author will attempt to restrict its distribution in this
way.

I don't blame Mike for his concern, but I think we need to recognize an
inconsistency between the following three goals, for U.S. citizens at
least: public recognition as the author of a crypto package; avoidance
of Grand Jury investigations; free availability of the package in the
U.S.

Hal