
Re: A followup on github discussion



On Sat 27 Jul 2019 at 08:37:35 (+0200), Dominik George wrote:
> >Export regulations do not apply to Open Source software (Debian is an
> >example).
> 
> Source?

Pick your format:

http://www.epic.org/crypto/export_controls/finalregs.pdf
https://epic.org/crypto/export_controls/regs_1_00.html

  “3. Also in §740.13, to, in part, take into account the "open
   source" approach to software development, unrestricted encryption
   source code not subject to an express agreement for the payment of
   a licensing fee or royalty for commercial production or sale of any
   product developed using the source code can, without review, be
   released from "EI" controls and exported and reexported under
   License Exception TSU. Intellectual property protection (e.g.,
   copyright, patent, or trademark) would not, by itself, be construed
   as an express agreement for the payment of a licensing fee or
   royalty for commercial production or sale of any product developed
   using the source code. To qualify, exporters must notify BXA of the
   Internet location (e.g., URL or Internet address) or provide a copy
   of the source code by the time of export. These notifications are
   only required for the initial export; there are no notification
   requirements for end-users subsequently using the source
   code. Notification can be made by e-mail to crypt@bxa.doc.gov.

  “Review and classification are not required for foreign made
   products using this source code. Moreover, under §744.9, exporters
   of unrestricted encryption source code are not restrained from
   providing technical assistance to foreign persons working with such
   source code. In addition, exporters of source code are not subject
   to Internet download screening requirements under
   §734.2(b)(9)(iii). Posting of the source code on the Internet
   (e.g., FTP or World Wide Web site), where it may be downloaded by
   anyone, would not establish "knowledge" (as that term is defined in
   the EAR) of a prohibited export or reexport. Such posting would not
   trigger "red flags" necessitating the affirmative duty to inquire
   under the "Know Your Customer" guidance provided in Supplement
   No. 3 to Part 732. Otherwise, compliance with EAR requirements as
   to prohibited exports and reexports still apply.”

Cheers,
David.

