On Thu, Mar 14, 2002 at 02:45:07PM +0100, Pascal Chevrel wrote: > Peter Lairo a dit : > >Gervase Markham wrote: > > > >>>Um, this isn't like the US is saying "Ok, Italy you can't have this > >>>software". Look at the countries that are banned. Geez > >> > >> > >>"Oh, it's OK, it's only Libya, and everyone knows all Libyans are evil"? > >> > >>I strongly disagree with this attitude. You should not discriminate > >>against an individual based on what country they are from. > > > > > >If a person lives in a country that threatens the peace of other > >countries, then that person either should leave that country or live > >with the consequences of staying there. > > > >There must be a healthy and dynamic balance between general protection > >of the population (restrictive laws) and individual rights (lack of > >restrictive laws). Neither extreme is good. ;)
> May I remind you that many democratic countries do not agree with the > USA about this list of "enemies" ? Moreover, I do not see why a free, > international and open source project should be ruled by any American > commercial export law. Well, it would help if some of you would read the regulations (I have). Those regulations have rather explicit exemptions for open source projects, the binaries that are based on them, and the sites which host them. Specifically, and explicitly, sites which host cryptography in source form or based on freely available sources, are exempt from the "safe harbor" (aka "cover your ass" announcements and due diligence practices) and "know your customer" (identification and tracking) requirements. In other words, you as a site operator, do NOT have to take any measures to restrict who can download from your site or even recognize or know where the downloads are going to. The only requirements on the ORIGINAL sites hosting cryptography is to send a message to the BXA notifying them that the site is hosting cryptography. Nothing more. You don't even have to tell them what cryptography or provide them with copies (unlike the commercial stuff which has much stricter regulations). Mirror sites are even exempt from the notification requirements. The notice on the Mozilla site is NOT required in any way shape or form in the regulations. Some lawyers have recommended these notices as sort of a "cover your ass" action but they are not part of the regulations themselves. If it WERE commercial or encumbered software or if the sources were not available, then it would be a different matter. That may be why some lawyers are recommending some of these announcements even though they are not required. While the regulations in total are pretty thick, the sections which apply to open source software are reasonably readable. I'll posted pointers to the appropriate chapter and vers on the government site later (I don't have the at my finger tips at the moment). > Pascal Mike -- Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED] /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!