Fedora To Have A "Don't Ask, Don't Tell" For Contributors


  • #16
    Those are terrorist countries according to Wikipedia... help them if you are stupid. bye

    Comment


    • #17
      Under the Wassenaar Agreement it appears we get a structural advantage over states

      Originally posted by andyprough View Post
      1. All governments sometimes enforce export restrictions, so this concern would not just be limited to the US

      2. The Wassenaar Arrangement, the big international, intergovernmental agreement on export restrictions, has specific exceptions for free and open source software. Wassenaar even exempts cryptography from control if it is open source and is in the domain of information security.

      So, realistically, Fedora can accept contributions from developers from any country, as long as the project is open source. However, the implementation of these restrictions can change at any time, so all projects would be wise to audit submissions from certain countries, AND have a strategy in place for quickly replacing those contributions in the event of a new crackdown.

      To understand the impact of the Wassenaar Arrangement exceptions on open source software development:
      https://www.privacyinternational.org...uncontrollable
      This is interesting: If you have to open-source your software to get out of export controls, this means open-source tools for privacy and security like Tor can cross international borders far more easily than state-level malware like FinFisher written by private contractors. FinFisher is Windows malware that has been used in places like Tunisia to spy on civil society activists and general dissidents. If the authors of FinFisher and similar malware had to release their source code to the public to get out of the country of development, countermeasures would be deployed within hours as the names of all installed files would be known, and the command and control servers could be taken down by the host governments or just by cyber counterattacks.

      The ugly exception is cryptography, but that cat is so long out of the bag as to be unstoppable. Open-source cryptography is "export once, available forever," and I don't think anybody but maybe PRISM-compliant commercial software uses those 56-bit keys anymore. I suppose a US website could be set to use short keys when getting an HTTPS connection from over the border, but people don't have to use that website (or trust https when gpg is available!) and I can't imagine anyone or any non-US distro letting foreign laws to which they are not subject control what cryptography they install in their browsers.

      I will freely admit to this personal goal: to see 100% of all communications "go dark" to law enforcement, globally protected with impenetrable encryption and obfuscation of both source and destination. I would so love to see the faces at Ft Meade when every phone on the planet is encrypted with ciphers they can't break, and the metadata just as hard to get at. When you do what I do in meatspace (social activism), you quickly come to consider things like the Dept of Homeland Insecurity to be the enemy.

      Comment


      • #18
        I am getting a little sick of people complaining about the fact that Fedora is actually abiding by the laws of the country in which they operate. Whether or not you agree with the laws regarding software patents or export restrictions in the United States is immaterial; they need to be followed in order to ensure that both Fedora and Red Hat can continue to operate in the future.

        Of course it would be nice if all of these admittedly stupid laws would be taken off the books, but I am not going to blame Fedora or anyone else for being forced into abiding by them.

        Comment


        • #19
          Originally posted by felipe View Post
          Those are terrorist countries according to Wikipedia... help them if you are stupid. bye
          Help 'them'? We're talking about accepting contributions from any random individual in those countries, not from their damn government or something. Just because someone was born in a place with bad government doesn't mean that they're bad people...

          Comment


          • #20
            Originally posted by Luke View Post
            This is interesting: If you have to open-source your software to get out of export controls, this means open-source tools for privacy and security like Tor can cross international borders far more easily than state-level malware like FinFisher written by private contractors. FinFisher is Windows malware that has been used in places like Tunisia to spy on civil society activists and general dissidents. If the authors of FinFisher and similar malware had to release their source code to the public to get out of the country of development, countermeasures would be deployed within hours as the names of all installed files would be known, and the command and control servers could be taken down by the host governments or just by cyber counterattacks.
            Yes, privately contracted, proprietary software would most likely fall under the export restrictions. But, off-the-shelf, commodity software that is commonly available also has an exception under the Wassenaar Arrangement. One reason that I think distros like openSUSE and Fedora should start putting boxed versions of their distros on the shelves of every computer store again, like their parents SUSE and Red Hat did in the late 90's and early 00's. Give the consumer a DVD and a printed manual and 90-days of phone support for $30, and you have another cheap exception (along with your open source licensing) to the export restrictions in most countries.

            Comment


            • #21
              Originally posted by Vash63 View Post
              Help 'them'? We're talking about accepting contributions from any random individual in those countries, not from their damn government or something. Just because someone was born in a place with bad government doesn't mean that they're bad people...
              Or that being declared export restricted by the US necessarily means that you do or do not have a bad government, but that is a whole other issue.

              Comment


              • #22
                Originally posted by Ericg View Post
                Didn't know they had fully changed hands, though Germany probably has their own restrictions in place too
                Nope, not for software.

                Comment


                • #23
                  Does anyone understand what this law actually is? If it blocks US companies from receiving software from Sudan it sounds like an import restriction.

                  Comment


                  • #24
                    Originally posted by Chaz View Post
                    Does anyone understand what this law actually is? If it blocks US companies from receiving software from Sudan it sounds like an import restriction.
                    +1

                    The only thing I could imagine is that it would be a paid job. So there would be money outflow...

                    Comment


                    • #25
                      Originally posted by Chaz View Post
                      Does anyone understand what this law actually is? If it blocks US companies from receiving software from Sudan it sounds like an import restriction.
                      I've been sitting here the whole time thinking the same thing. That software is being imported to the US from outside the US (hence the usage of the term import!). Sitting in my armless chair, it seems to me it should have nothing to do with exporting, which the US applies to products that pass through its borders.

                      So, is it a poor choice of wording in the article, or am I missing something?

                      Comment


                      • #26
                        Originally posted by felipe View Post
                        Those are terrorist countries according to Wikipedia... help them if you are stupid. bye

                        Comment


                        • #27
                          Originally posted by Ericg View Post
                          Didn't know they had fully changed hands, though Germany probably has their own restrictions in place too
                          I don't understand this confusion, SUSE was a German company from day one.

                          They were owned by Novell at some point, but that doesn't make them a US company. Chrysler is owned by Fiat, and previously by Benz, but it doesn't mean that Chrysler is now an Italian company, and that it was a German company.
                          Last edited by pingufunkybeat; 03-06-2014, 07:24 AM.

                          Comment


                          • #28
                            Originally posted by pingufunkybeat View Post
                            Chrysler is owned by Fiat, and previously by Benz, but it doesn't mean that Chrysler is now an Italian company, and that it was a German company.
                            I thought that Benz didn't own Chrysler but that it's been a fusion!?

                            Comment


                            • #29
                              Originally posted by Nuc!eoN View Post
                              I thought that Benz didn't own Chrysler but that it's been a fusion!?
                              Yes, that is what they called it.

                              It was a bit like Facebook merging with WhatsApp

                              Comment


                              • #30
                                Originally posted by dstaubsauger View Post
                                And then they redefine "military equipment" to include Cryptography software and 3D printer drivers…
                                That's indeed the case, and the reason why it can't be exported. Cryptography software above a certain threshold was considered as "Munition" and was controlled.
                                (That's why at some point, US companies weren't allowed to sell abroad software with DES encryption more than 56 bits).

                                PGP's author did have problems because of that.

                                Would it change anything if Fedora hosted their stuff somewhere outside the United States?
                                That's how Debian does it: they have a "non-US" repository, which is out of reach of the US government and is used for this kind of thing (cryptography, DRM circumvention and reverse engineered codecs).

                                Originally posted by Chaz View Post
                                Does anyone understand what this law actually is? If it blocks US companies from receiving software from Sudan it sounds like an import restriction.
                                If it were just about fetching software and packaging it into Fedora, that would be import.
                                But this situation is about contribution. I.e.: about people editing software that they got. Software which is illegal for them to have. And Fedora ends up involved in the process.
                                Some trigger-happy lawyer could make some shit.
                                So instead of trying to prove that no illegal export has occurred, it's easier to just make the whole thing invisible.

                                Comment
