On 01/16/2014 10:45 PM, Stephen Harris wrote:
> On Thu, Jan 16, 2014 at 10:29:09PM -0500, Joseph Godino wrote:
>> stating and what it was referring to. Please retract the word new.
> That's the point though. If "you" (for generic values of "you") export
> code under US legal restriction from the US then you're in breach of
> US regulations. Whether you know about it or not.
>
> Fun, huh?
>
> If "you" run a mirror then you get to determine your legal risk and
> whether you should keep the mirror. The CentOS team are not lawyers;
> they can't tell you.
>
> It's a fun legal question as to who does the export; the person
> making available for export on a web site or the person downloading
> from that website. As far as I know it's not really settled. In
> my opinion the RedHat wording is a prayer hoping that'll cover them :-)
> But I'm not a lawyer, either!
At one point a major unix manufacturer tried to get around this by
having the crypto code written in another country by citizens of that
country. They got shut down as re-exporting. In the end, they had to
ship broken software that required customers to optain the critical code
from this other country. This was part of our action to show how
unenforceable ITAR was wrt cryptography as munitions. Some likened it to
shipping guns without firing pins or ammo; which were readily available
from other sources.
But at any point, someone in State can decide someone's actions violate
the law and go after them. Ask Phil Zimmerman...
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
