On Thu, Mar 14, 2002 at 02:45:07PM +0100, Pascal Chevrel wrote:
> Peter Lairo a dit :
> >Gervase Markham wrote:
> >
> >>>Um, this isn't like the US is saying "Ok, Italy you can't have this
> >>>software". Look at the countries that are banned. Geez
> >>
> >>
> >>"Oh, it's OK, it's only Libya, and everyone knows all Libyans are evil"?
> >>
> >>I strongly disagree with this attitude. You should not discriminate
> >>against an individual based on what country they are from.
> >
> >
> >If a person lives in a country that threatens the peace of other
> >countries, then that person either should leave that country or live
> >with the consequences of staying there.
> >
> >There must be a healthy and dynamic balance between general protection
> >of the population (restrictive laws) and individual rights (lack of
> >restrictive laws). Neither extreme is good. ;)
> May I remind you that many democratic countries do not agree with the
> USA about this list of "enemies" ? Moreover, I do not see why a free,
> international and open source project should be ruled by any American
> commercial export law.
Well, it would help if some of you would read the regulations
(I have). Those regulations have rather explicit exemptions for
open source projects, the binaries that are based on them, and the
sites which host them. Specifically, and explicitly, sites which
host cryptography in source form or based on freely available sources,
are exempt from the "safe harbor" (aka "cover your ass" announcements
and due diligence practices) and "know your customer" (identification
and tracking) requirements. In other words, you as a site operator,
do NOT have to take any measures to restrict who can download from your
site or even recognize or know where the downloads are going to. The
only requirements on the ORIGINAL sites hosting cryptography is to
send a message to the BXA notifying them that the site is hosting
cryptography. Nothing more. You don't even have to tell them what
cryptography or provide them with copies (unlike the commercial stuff
which has much stricter regulations). Mirror sites are even exempt
from the notification requirements. The notice on the Mozilla site
is NOT required in any way shape or form in the regulations. Some
lawyers have recommended these notices as sort of a "cover your ass"
action but they are not part of the regulations themselves. If it
WERE commercial or encumbered software or if the sources were not
available, then it would be a different matter. That may be why
some lawyers are recommending some of these announcements even
though they are not required.
While the regulations in total are pretty thick, the sections
which apply to open source software are reasonably readable. I'll
posted pointers to the appropriate chapter and vers on the government
site later (I don't have the at my finger tips at the moment).
> Pascal
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
