Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 35

Thread: Fedora To Have A "Don't Ask, Don't Tell" For Contributors

  1. #11
    Join Date
    Aug 2012
    Location
    Pennsylvania, United States
    Posts
    1,891

    Default

    Quote Originally Posted by Anvil View Post
    this is going to far IMO, soon Fedora will have most of its packages in the non-free RPMFusion Repo, but my question, why wasnt this done years ago when the project got started, why now? i find that a bit odd to say the least.

    people may just Jump ship an go over to another Distro like OpenSuse or any other RPM based Distro to avoid the politics
    ALL US based distros technically are under these requirements, its simply US law. Suse isn't excluded there

  2. #12
    Join Date
    Apr 2010
    Location
    Australia
    Posts
    77

    Default

    Quote Originally Posted by Ericg View Post
    ALL US based distros technically are under these requirements, its simply US law. Suse isn't excluded there
    Yes i know about Suse. but this problem should have been dealt with years ago, NOT NOW.Mageia either doesnt have the problem of US Dodgy laws either
    Last edited by Anvil; 03-05-2014 at 08:46 PM.

  3. #13
    Join Date
    Mar 2011
    Posts
    378

    Default

    Quote Originally Posted by Ericg View Post
    ALL US based distros technically are under these requirements, its simply US law. Suse isn't excluded there
    According to wikipedia.de while they where connected to Novell (US) in the past now the SUSE Linux GmbH is located in Germany (GmbH is even a german sentence: "Gesellschaft mit beschränkter Haftung"). So you're wrong: They are excluded there.

  4. #14
    Join Date
    Feb 2012
    Location
    Austin, TX, USA
    Posts
    43

    Default

    1. All governments sometimes enforce export restrictions, so this concern would not just be limited to the US

    2. The Wassenaar Arrangement, the big international, intergovernmental agreement on export restrictions, has specific exceptions for free and open source software. Wassenaar even exempts cryptography from control if it is open source and is in the domain of information security.

    So, realistically, Fedora can accept contributions from developers from any country, as long as the project is open source. However, the implementation of these restrictions can change at any time, so all projects would be wise to audit submissions from certain countries, AND have a strategy in place for quickly replacing those contributions in the event of a new crackdown.

    To understand the impact of the Wassenaar Arrangement exceptions on open source software development:
    https://www.privacyinternational.org...uncontrollable

  5. #15
    Join Date
    Aug 2012
    Location
    Pennsylvania, United States
    Posts
    1,891

    Default

    Quote Originally Posted by TAXI View Post
    According to wikipedia.de while they where connected to Novell (US) in the past now the SUSE Linux GmbH is located in Germany (GmbH is even a german sentence: "Gesellschaft mit beschränkter Haftung"). So you're wrong: They are excluded there.
    Didn't know they had fully changed hands, though Germany probably their own restrictions in place too

  6. #16
    Join Date
    Jul 2013
    Posts
    66

    Default

    Those are terrorist country according to wikipedia... help them if you are stupid. bye

  7. #17
    Join Date
    May 2013
    Posts
    537

    Default Under the Wassenaar Agreement it appears we get a structural advantage over states

    Quote Originally Posted by andyprough View Post
    1. All governments sometimes enforce export restrictions, so this concern would not just be limited to the US

    2. The Wassenaar Arrangement, the big international, intergovernmental agreement on export restrictions, has specific exceptions for free and open source software. Wassenaar even exempts cryptography from control if it is open source and is in the domain of information security.

    So, realistically, Fedora can accept contributions from developers from any country, as long as the project is open source. However, the implementation of these restrictions can change at any time, so all projects would be wise to audit submissions from certain countries, AND have a strategy in place for quickly replacing those contributions in the event of a new crackdown.

    To understand the impact of the Wassenaar Arrangement exceptions on open source software development:
    https://www.privacyinternational.org...uncontrollable
    This is interesting: If you have to open-source your software to get out of export controls, this means open-source tools for privacy and security like Tor can cross International borders far more easily than state-level malware like FinFisher written by private contractors. FinFisher is Windows malware that has been used in places like Tunesia to spy on civil society activists and general dissidents. If the authors of FinFisher and similar malware had to release their source code to the public to get out of the country of development, countermeasure would be deployed within hours as the names of all installed files would be known, and the command and control servers could be taken down by the host governments or just by cyber counterattacks.

    The ugly exception is cryptography, but that cat is so long out of the bag as to be unstoppable. Open-source cryptography is "export once, available forever," and I don't think anybody but maybe PRISM-compliant commerical software uses those 56 bit keys anymore. I suppose a US website could be set to use short keys when getting an HTTPS connection from over the border, but people don't have to use that website (or trust https when gpg is available!) and I can't imagine anyone or any non-US distro letting foreign laws to which they are not subject control what cryptography they install in their browsers.

    I will freely admit to this personal goal: to see 100% of all communications "go dark" to law enforcement, globally protected with impenetrable encryption and obfuscation of both source and destination. I would so love to see the faces at Ft Meade when every phone on the planet is encrypted with ciphers they can't break, and the metadata just as hard to get at. When you do what I do in meatspace (social activism), you quickly come to consider things like the Dept of Homeland Insecurity to be the enemy.

  8. #18
    Join Date
    Oct 2011
    Location
    Rural Alberta, Canada
    Posts
    1,030

    Default

    I am getting a little sick of people complaining about the fact that Fedora is actually abiding by the laws of the country in which they operate from. Whether or not you agree with the laws regarding software patents or export restrictions in in the United States is immaterial; they need to be followed in order to ensure that both Fedora and Red Hat can continue to operate in the future.

    Of course it would be nice if all of these admittedly stupid laws would be taken off the books, but I am not going to blame Fedora or anyone else for being forced into abiding by them.

  9. #19
    Join Date
    May 2008
    Posts
    98

    Default

    Quote Originally Posted by felipe View Post
    Those are terrorist country according to wikipedia... help them if you are stupid. bye
    Help 'them'? We're talking about accepting contributions from any random individual in those countries, not from their damn government or something. Just because someone was born in a place with bad government doesn't mean that they're bad people...

  10. #20
    Join Date
    Feb 2012
    Location
    Austin, TX, USA
    Posts
    43

    Default

    Quote Originally Posted by Luke View Post
    This is interesting: If you have to open-source your software to get out of export controls, this means open-source tools for privacy and security like Tor can cross International borders far more easily than state-level malware like FinFisher written by private contractors. FinFisher is Windows malware that has been used in places like Tunesia to spy on civil society activists and general dissidents. If the authors of FinFisher and similar malware had to release their source code to the public to get out of the country of development, countermeasure would be deployed within hours as the names of all installed files would be known, and the command and control servers could be taken down by the host governments or just by cyber counterattacks.
    Yes, privately contracted, proprietary software would most likely fall under the export restrictions. But, off-the-shelf, commodity software that is commonly available also has an exception under the Wassenaar Arrangement. One reason that I think distros like openSUSE and Fedora should start putting boxed versions of their distros on the shelves of every computer store again, like their parents SUSE and Red Hat did in the late 90's and early 00's. Give the consumer a DVD and a printed manual and 90-days of phone support for $30, and you have another cheap exception (along with your open source licensing) to the export restrictions in most countries.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •