. Cubik65536 writes: > In the legal information of some Linux Distribution, I have seen an Export > Compliance/Customs Information like this: > >> Export Compliance/Customs Information >> >> By downloading XXX Linux software, you acknowledge that you >> understand all of the following: >> >> XXX Linux software and technical information may be subject to the >> U.S. Export Administration Regulations (the “EAR”) and other U.S. and >> foreign laws and may not be exported, re-exported or transferred (a) >> to a prohibited destination country under the EAR or U.S. sanctions >> regulations (currently Cuba, Iran, North Korea, Sudan, Syria, and the >> Crimea Region of Ukraine, subject to change as posted by the United >> States government); (b) to any prohibited destination or to any end >> user who has been prohibited from participating in U.S. export >> transactions by any federal agency of the U.S. government; or (c) for >> use in connection with the design, development or production of >> nuclear, chemical or biological weapons, or rocket systems, space >> launch vehicles, or sounding rockets, or unmanned air vehicle >> systems. >> >> You may not download XXX Linux software or technical information if >> you are located in one of these countries or otherwise subject to >> these restrictions. You may not provide XXX Linux software or >> technical information to individuals or entities located in one of >> these countries or otherwise subject to these restrictions. You are >> also responsible for compliance with foreign law requirements >> applicable to the import, export and use of XXX Linux software and >> technical information. XXX Linux software in source code and binary >> code form are publicly available and are not subject to the EAR in >> accordance with §742.15(b). > > > Which tells us that the software and technical information were > subject to the U.S. Export Administration Regulations (the “EAR”). But > the open-sourced source code and binary code are not. But I cannot > find this kind of information on Debian website and wiki. I understand > that the Debian source code is not subject to the EAR, but is the > software (as I understand, it’s the packaged version of the software, > for example, ISOs) distributed on the website (debian.org) subject to > the regulations? I read some documents on the wiki > (https://wiki.debian.org/USExportControl, > https://www.debian.org/legal/cryptoinmain, and > https://www.debian.org/legal/notificationforarchive), but they did not > answer directly on the question. > > If I have anything that I misunderstood, please tell me.
What exactly is and is not export controlled is something that changes over time. I am pretty sure that everyone on both sides agreed that exporting a printed book is OK. Anything beyond that becomes an exercise in parsing Supreme Court opinions and governmental regulations. So I do not think that we can give you a definitive answer. We can only tell you what Debian did, which is send a letter to BXA. I think Debian used to send letters every time crypto software was updated, but BXA asked them to stop. Cheers, Walter Landry