On Tue, 26 May 2009, Tom "spot" Callaway wrote: Though I am also not a lawyer, I did look into things, being upstream for openswan and an author of a book containing crypto, a rather crypto heavy application and book...
There are 6 countries that Fedora cannot be legally exported to (as a result of US export restrictions): Cuba, Iran, Iraq, North Korea, Sudan and Syria
I think technically, this restriction only applies on the export of the software out of the US. For those outside the US, US law/doctrine does not apply (even though the US claims it does). Rather, for most Western countries, implementation of the Wassenaar Agreement in local law applies, where some countries have extended the export restrictios as set forth in the Wassenaar Agreement. In Europe, there is also the European Union Dual-Use Export laws.
These are known as the "T-6" countries. No individual associated with the Fedora project (or mirror site) should provide Fedora software to anyone in those countries, even if they are not in the US.
This is again US doctrine. It becomes even stranger as in my case, Fedora imports openswan from The Netherlands, and then tells me I could not obtain my own GPL licensed code to do what is legal within my country? Though in this case, there is a large overlap of implementation of the Wassenaar Agreement.
"Because Fedora software contains encryption technology, Fedora software and technical information is subject to the U.S. Export Administration Regulations and other U.S. and foreign law, and may not be exported or re-exported to certain countries (currently Cuba, Iran, Iraq, North Korea, Sudan and Syria)
See above. Note that the Wassenaar Agreement excludes software that is in the "public domain", eg free/open source software.
or to persons or entities prohibited from receiving U.S. exports (including those (a) on the Bureau of Industry and Security Denied Parties List or Entity List, (b) on the Office of Foreign Assets Control list of Specially Designated Nationals and Blocked Persons, and (c) involved with missile technology or nuclear, chemical or biological weapons).
This is technically a violation of GPL, and could mean that anyone distributing Fedora with those restrictions has lost their rights to use and/or distribute the GPL software contained within Fedora.
You may not download Fedora software or technical information if you are located in one of these countries, or otherwise affected by these restrictions. You may not provide Fedora software or technical information to individuals or entities located in one of these countries or otherwise affected by these restrictions. You are also responsible for compliance with foreign law requirements applicable to the import and use of Fedora software and technical information."
This is just boilerplate for more "US law applies to non-US citizens because we say so" doctrine. Though it does not apply to non-US citizens, there is a risk. I formulated it like this in the Openswan book: Unrecognised international claims Certain countries claim jurisdiction even outside their national borders. Most notably, France claims the right to “regulate information on foreign servers”, Italy assumes jurisdiction over sites "directed to an Italian audience" and the US reserve the right to prosecute "offenses against American interests" according to US law, irrespective of where they take place. You may want to consider the possibility that you can be sued or prosecuted in another country. Additionally, if you are physically in a country other than the Netherlands when you download our software, you are probably subject to that country's jurisdiction anyway. And if your download happens to pass a router under US control (say in Guam), the US might make additional claims to rights for restriction of your packets or even your person. Note that this text was written a few years ago. For an updated situation, one should probably consult their local lawyer, please the updates from http://www.wassenaar.org/ Paul -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
