On Friday 19 December 2014 16:14:43 Ben Fritz wrote:
I understand the concern. Before I came to the list I was given guidance that since the "vendor" of the libraries has not provided the ECCN that our company will need to come up with the ECCN on our own based on technical knowledge about the library. Unfortunately, I am not a developer of boost, only a user (and only indirectly at that) and therefore do not have that knowledge myself.
I do not think it is unreasonable to answer the question, "does this library contain encryption software?"
Well, as simple as that question may sound at first, it may not be an easy one to answer. You're asking if some part of Boost contains what is qualified as "encryption software" by US law, while many of us are not US residents and I would guess none of us is a lawyer either. Add to that the fact that there are pieces of Boost that are effectively unmaintained, and noone can really vouch for that code. BTW, my impression is that Boost.ASIO is currently one of such mostly unmaintained parts. If you want a definitive answer that your company will take legal responsibility for, your best bet would be to perform an internal code review with lawyer consultancy. IMHO, of course.