Yes, also the project is MIT so… anyone has the right to take it and use it/modify it/etc. with the only constraint of mention all the contributors.
But anyway, for me the most important question is: How far are we to provide good FFI bindings to a security library (like openssl or/and others) that will allow us to escape this situation? I really prefer not to have a hard to maintain solution that will also annoy the original authors who put its code in MIT but didn’t realise the implications of it. Esteban > On 1 Jun 2020, at 08:59, Sven Van Caekenberghe <s...@stfx.eu> wrote: > > > >> On 1 Jun 2020, at 06:39, Jerry Kott <jk...@image-ware.com> wrote: >> >> If you read the text of the EAR and take into account all other facts, I >> think that the notion that anyone should get into trouble by copying open >> source Smalltalk crypto libraries to other repositories is just a pure FUD. >> This software is open source, it is publicly available including the source >> code, it is hosted on a domain that is controlled by a non-US entity, and >> it’s easily accessible in its current form from countries that are currently >> on the US ‘vorboten’ list. > > Indeed. > >
