
Re: A followup on github discussion



On Fri, Jul 26, 2019 at 06:39:51PM +0300, Reco wrote:
> On Fri, Jul 26, 2019 at 09:12:48AM -0400, Roberto C. Sánchez wrote:
> > On Fri, Jul 26, 2019 at 03:53:50PM +0300, Reco wrote:
> > > 	So, dear list,
> > > 
> > > this is just a quick followup on discrimination practices employed by
> > > GitHub.
> > > Today it was brought to my attention that GitHub has restricted access
> > > to users who live in countries that have US sanctions applied - [1].
> > > 
> > > Therefore, if somebody still had any doubts that GitHub does not
> > > respect software freedoms - leave any hope. GitHub is unsuitable for
> > > hosting free software.
> > > 
> > Well, that's a very nice slant you put on the issue.  As a public
> > company in the US, GitHub is expected to respect US law.
> 
> And last time I've checked, so is Software In Public Interest.
> 
> 
> > Certainly there are instances where civil disobedience is called for,
> > but violating export regulations is perhaps not the best choice.
> 
> And the same logic can be applied to SPI and therefore Debian Project.
> Or, maybe not?
> 
Perhaps you are not familiar with Debian project history.  There was a
time when cryptographic software in Debian was hosted outside the US (in
the "non-US" repository) so that Debian users outside the US could have
access to strong crypto-enabled packages (e.g., Mozilla with more than
40-bit encryption).

Does Debian's respect for US law in that case somehow manifest itself as
a black mark against the project?  Should Debian as a project have just
said, "forget it, we'll host the strong crypto here in the US for
everybody in the world, even though it is against the law, whatever the
consequences?"

The laws/regulations around that "strong crypto is a munition" have
mostly been resolved, thanks in part to the advocacy of people in
projects, like Debian.

Had the project deliberately broken the law, I suspect we would not have
the vibrant project that we have today.

> 
> > Also, the article which you linked explicitly states that they are
> > working with regulators to help them understand that GitHub providing
> > services in sanctioned markets actually *supports* the US government's
> > foreign policy objectives of free flow of information and free speech.
> 
> And it also mentions, quoting:
> 
> Users are responsible for ensuring that the content they develop and
> share on GitHub.com complies with the U.S. export control laws,
> including the EAR and the U.S. International Traffic in Arms Regulations
> (ITAR).
> 
What's your point?  Similar services with data centers and hosting in
Europe have similar disclaimers stating that users are responsible for
GDPR compliance.  In fact, disclaimers of the like are rather common.
For example, like this one from the MOTD on one of my Debian servers:

"Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law."

That could easily be rewritten as:

"Users are responsible for anything they do with this collection of
software packages and for making sure that its use complies with
applicable laws in the applicable jurisdiction(s)."

Regards,

-Roberto

-- 
Roberto C. Sánchez

