
Fedora To Have A "Don't Ask, Don't Tell" For Contributors


  • #11
    Originally posted by Ericg
    ALL US based distros technically are under these requirements, it's simply US law. Suse isn't excluded there
    Yes, I know about Suse, but this problem should have been dealt with years ago, NOT NOW. Mageia doesn't have the problem of US Dodgy laws either
    Last edited by Anvil; 05 March 2014, 09:46 PM.

    Comment


    • #12
      Originally posted by Ericg
      ALL US based distros technically are under these requirements, it's simply US law. Suse isn't excluded there
      According to wikipedia.de while they were connected to Novell (US) in the past now the SUSE Linux GmbH is located in Germany (GmbH is even a German sentence: "Gesellschaft mit beschränkter Haftung"). So you're wrong: They are excluded there.

      Comment


      • #13
        1. All governments sometimes enforce export restrictions, so this concern would not just be limited to the US

        2. The Wassenaar Arrangement, the big international, intergovernmental agreement on export restrictions, has specific exceptions for free and open source software. Wassenaar even exempts cryptography from control if it is open source and is in the domain of information security.

        So, realistically, Fedora can accept contributions from developers from any country, as long as the project is open source. However, the implementation of these restrictions can change at any time, so all projects would be wise to audit submissions from certain countries, AND have a strategy in place for quickly replacing those contributions in the event of a new crackdown.

        To understand the impact of the Wassenaar Arrangement exceptions on open source software development:
        https://www.privacyinternational.org...uncontrollable

        Comment


        • #14
          Originally posted by TAXI
          According to wikipedia.de while they were connected to Novell (US) in the past now the SUSE Linux GmbH is located in Germany (GmbH is even a German sentence: "Gesellschaft mit beschränkter Haftung"). So you're wrong: They are excluded there.
          Didn't know they had fully changed hands, though Germany probably has their own restrictions in place too
          All opinions are my own not those of my employer if you know who they are.

          Comment


          • #15
            Those are terrorist countries according to Wikipedia... help them if you are stupid. bye

            Comment


            • #16
              Under the Wassenaar Agreement it appears we get a structural advantage over states

              Originally posted by andyprough
              1. All governments sometimes enforce export restrictions, so this concern would not just be limited to the US

              2. The Wassenaar Arrangement, the big international, intergovernmental agreement on export restrictions, has specific exceptions for free and open source software. Wassenaar even exempts cryptography from control if it is open source and is in the domain of information security.

              So, realistically, Fedora can accept contributions from developers from any country, as long as the project is open source. However, the implementation of these restrictions can change at any time, so all projects would be wise to audit submissions from certain countries, AND have a strategy in place for quickly replacing those contributions in the event of a new crackdown.

              To understand the impact of the Wassenaar Arrangement exceptions on open source software development:
              https://www.privacyinternational.org...uncontrollable
              This is interesting: If you have to open-source your software to get out of export controls, this means open-source tools for privacy and security like Tor can cross international borders far more easily than state-level malware like FinFisher written by private contractors. FinFisher is Windows malware that has been used in places like Tunisia to spy on civil society activists and general dissidents. If the authors of FinFisher and similar malware had to release their source code to the public to get out of the country of development, countermeasures would be deployed within hours as the names of all installed files would be known, and the command and control servers could be taken down by the host governments or just by cyber counterattacks.

              The ugly exception is cryptography, but that cat is so long out of the bag as to be unstoppable. Open-source cryptography is "export once, available forever," and I don't think anybody but maybe PRISM-compliant commercial software uses those 56 bit keys anymore. I suppose a US website could be set to use short keys when getting an HTTPS connection from over the border, but people don't have to use that website (or trust https when gpg is available!) and I can't imagine anyone or any non-US distro letting foreign laws to which they are not subject control what cryptography they install in their browsers.

              I will freely admit to this personal goal: to see 100% of all communications "go dark" to law enforcement, globally protected with impenetrable encryption and obfuscation of both source and destination. I would so love to see the faces at Ft Meade when every phone on the planet is encrypted with ciphers they can't break, and the metadata just as hard to get at. When you do what I do in meatspace (social activism), you quickly come to consider things like the Dept of Homeland Insecurity to be the enemy.

              Comment


              • #17
                I am getting a little sick of people complaining about the fact that Fedora is actually abiding by the laws of the country in which they operate from. Whether or not you agree with the laws regarding software patents or export restrictions in the United States is immaterial; they need to be followed in order to ensure that both Fedora and Red Hat can continue to operate in the future.

                Of course it would be nice if all of these admittedly stupid laws would be taken off the books, but I am not going to blame Fedora or anyone else for being forced into abiding by them.

                Comment


                • #18
                  Originally posted by felipe
                  Those are terrorist countries according to Wikipedia... help them if you are stupid. bye
                  Help 'them'? We're talking about accepting contributions from any random individual in those countries, not from their damn government or something. Just because someone was born in a place with bad government doesn't mean that they're bad people...

                  Comment


                  • #19
                    Originally posted by Luke
                    This is interesting: If you have to open-source your software to get out of export controls, this means open-source tools for privacy and security like Tor can cross international borders far more easily than state-level malware like FinFisher written by private contractors. FinFisher is Windows malware that has been used in places like Tunisia to spy on civil society activists and general dissidents. If the authors of FinFisher and similar malware had to release their source code to the public to get out of the country of development, countermeasures would be deployed within hours as the names of all installed files would be known, and the command and control servers could be taken down by the host governments or just by cyber counterattacks.
                    Yes, privately contracted, proprietary software would most likely fall under the export restrictions. But, off-the-shelf, commodity software that is commonly available also has an exception under the Wassenaar Arrangement. One reason that I think distros like openSUSE and Fedora should start putting boxed versions of their distros on the shelves of every computer store again, like their parents SUSE and Red Hat did in the late 90's and early 00's. Give the consumer a DVD and a printed manual and 90-days of phone support for $30, and you have another cheap exception (along with your open source licensing) to the export restrictions in most countries.

                    Comment


                    • #20
                      Originally posted by Vash63
                      Help 'them'? We're talking about accepting contributions from any random individual in those countries, not from their damn government or something. Just because someone was born in a place with bad government doesn't mean that they're bad people...
                      Or that being declared export restricted by the US necessarily means that you do or do not have a bad government, but that is a whole other issue.

                      Comment
