[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: US citizens uploading to non-us

Hi Wichert

On Tue, Nov 21, 2000 at 04:20:27PM +0100, Wichert Akkerman wrote:
> Previously Sam Hartman wrote:
> > I can't find an answer to the question on this list's archives and so
> > I'm asking it again.  It seems fairly clear to me that the answer is
> > yes, if proper procedures are followed, but since export issues are
> > kind of touchy I want to make sure that I'm not missing something.
> I'm reading up on the documentation for it now; it seems that with
> some exception we can indeed put crypto in the main archive now, esp.
> with the policy changes from last month.

First let me say that I have no legal training what so ever, but I do
know that the words used in legal documents are important.  I would 
like to draw your attention to:

	"Posting of the source code or corresponding object
	code on the Internet ... where it may be downloaded
	by anyone would not establish "knowledge" of a
	prohibited export or reexport, including that
	described in paragraph (e)(2) of this section."

The question that came to my mind is if we had a Debian member in Cuba,
Iran, Iraq, Libya, North Korea, Sudan or Syria wouldn't we "know" that
they would be downloading crypo software from a site within the USA.
Wouldn't that cause use to fall foul of EAR.  From reading 
http://www.bxa.doc.gov/Enforcement/knowcust.htm (2) 

	"...you have a duty to check out the suspicious
	circumstances and inquire about the end-use, end-user
	or ultimate country of destination."

As a new member of Debian I would not like to restrict a citizen of a country
that the US Government (or any other government) disapproves of of becoming
a member of Debian.  

I am looking at ITPing some software that has an OpenSSL module and 
therefore I would feel uncomfortable about posting this into the USA
(I'm British).

I would have though that it would NOT be prudent to move the crypo 
archives into the USA.


Reply to: