Originally posted by Ericg
View Post
Announcement
Collapse
No announcement yet.
Fedora To Have A "Don't Ask, Don't Tell" For Contributors
Collapse
X
-
Originally posted by Ericg View PostALL US based distros technically are under these requirements, its simply US law. Suse isn't excluded there
Comment
-
1. All governments sometimes enforce export restrictions, so this concern would not just be limited to the US
2. The Wassenaar Arrangement, the big international, intergovernmental agreement on export restrictions, has specific exceptions for free and open source software. Wassenaar even exempts cryptography from control if it is open source and is in the domain of information security.
So, realistically, Fedora can accept contributions from developers from any country, as long as the project is open source. However, the implementation of these restrictions can change at any time, so all projects would be wise to audit submissions from certain countries, AND have a strategy in place for quickly replacing those contributions in the event of a new crackdown.
To understand the impact of the Wassenaar Arrangement exceptions on open source software development:
https://www.privacyinternational.org...uncontrollable
Comment
-
Originally posted by TAXI View PostAccording to wikipedia.de while they where connected to Novell (US) in the past now the SUSE Linux GmbH is located in Germany (GmbH is even a german sentence: "Gesellschaft mit beschr?nkter Haftung"). So you're wrong: They are excluded there.All opinions are my own not those of my employer if you know who they are.
Comment
-
Under the Wassenaar Agreement it appears we get a structural advantage over states
Originally posted by andyprough View Post1. All governments sometimes enforce export restrictions, so this concern would not just be limited to the US
2. The Wassenaar Arrangement, the big international, intergovernmental agreement on export restrictions, has specific exceptions for free and open source software. Wassenaar even exempts cryptography from control if it is open source and is in the domain of information security.
So, realistically, Fedora can accept contributions from developers from any country, as long as the project is open source. However, the implementation of these restrictions can change at any time, so all projects would be wise to audit submissions from certain countries, AND have a strategy in place for quickly replacing those contributions in the event of a new crackdown.
To understand the impact of the Wassenaar Arrangement exceptions on open source software development:
https://www.privacyinternational.org...uncontrollable
The ugly exception is cryptography, but that cat is so long out of the bag as to be unstoppable. Open-source cryptography is "export once, available forever," and I don't think anybody but maybe PRISM-compliant commerical software uses those 56 bit keys anymore. I suppose a US website could be set to use short keys when getting an HTTPS connection from over the border, but people don't have to use that website (or trust https when gpg is available!) and I can't imagine anyone or any non-US distro letting foreign laws to which they are not subject control what cryptography they install in their browsers.
I will freely admit to this personal goal: to see 100% of all communications "go dark" to law enforcement, globally protected with impenetrable encryption and obfuscation of both source and destination. I would so love to see the faces at Ft Meade when every phone on the planet is encrypted with ciphers they can't break, and the metadata just as hard to get at. When you do what I do in meatspace (social activism), you quickly come to consider things like the Dept of Homeland Insecurity to be the enemy.
Comment
-
I am getting a little sick of people complaining about the fact that Fedora is actually abiding by the laws of the country in which they operate from. Whether or not you agree with the laws regarding software patents or export restrictions in in the United States is immaterial; they need to be followed in order to ensure that both Fedora and Red Hat can continue to operate in the future.
Of course it would be nice if all of these admittedly stupid laws would be taken off the books, but I am not going to blame Fedora or anyone else for being forced into abiding by them.
Comment
-
Originally posted by felipe View PostThose are terrorist country according to wikipedia... help them if you are stupid. bye
Comment
-
Originally posted by Luke View PostThis is interesting: If you have to open-source your software to get out of export controls, this means open-source tools for privacy and security like Tor can cross International borders far more easily than state-level malware like FinFisher written by private contractors. FinFisher is Windows malware that has been used in places like Tunesia to spy on civil society activists and general dissidents. If the authors of FinFisher and similar malware had to release their source code to the public to get out of the country of development, countermeasure would be deployed within hours as the names of all installed files would be known, and the command and control servers could be taken down by the host governments or just by cyber counterattacks.
Comment
-
Originally posted by Vash63 View PostHelp 'them'? We're talking about accepting contributions from any random individual in those countries, not from their damn government or something. Just because someone was born in a place with bad government doesn't mean that they're bad people...
Comment
Comment