Hi, In the legal information of some Linux Distribution, I have seen an Export Compliance/Customs Information like this:
> Export Compliance/Customs Information > > By downloading XXX Linux software, you acknowledge that you understand all of > the following: > > XXX Linux software and technical information may be subject to the U.S. > Export Administration Regulations (the “EAR”) and other U.S. and foreign laws > and may not be exported, re-exported or transferred (a) to a prohibited > destination country under the EAR or U.S. sanctions regulations (currently > Cuba, Iran, North Korea, Sudan, Syria, and the Crimea Region of Ukraine, > subject to change as posted by the United States government); (b) to any > prohibited destination or to any end user who has been prohibited from > participating in U.S. export transactions by any federal agency of the U.S. > government; or (c) for use in connection with the design, development or > production of nuclear, chemical or biological weapons, or rocket systems, > space launch vehicles, or sounding rockets, or unmanned air vehicle systems. > > You may not download XXX Linux software or technical information if you are > located in one of these countries or otherwise subject to these restrictions. > You may not provide XXX Linux software or technical information to > individuals or entities located in one of these countries or otherwise > subject to these restrictions. You are also responsible for compliance with > foreign law requirements applicable to the import, export and use of XXX > Linux software and technical information. XXX Linux software in source code > and binary code form are publicly available and are not subject to the EAR in > accordance with §742.15(b). Which tells us that the software and technical information were subject to the U.S. Export Administration Regulations (the “EAR”). But the open-sourced source code and binary code are not. But I cannot find this kind of information on Debian website and wiki. I understand that the Debian source code is not subject to the EAR, but is the software (as I understand, it’s the packaged version of the software, for example, ISOs) distributed on the website (debian.org) subject to the regulations? I read some documents on the wiki (https://wiki.debian.org/USExportControl, https://www.debian.org/legal/cryptoinmain, and https://www.debian.org/legal/notificationforarchive), but they did not answer directly on the question. If I have anything that I misunderstood, please tell me. Best regards, Qian Qian
