Anyway, the server is in the US. For instance, Cuban developers don't have access
to SourceForge because it is under North American law. Despite the fact
that the projects are not all American, it is important where the repo is.
GitHub is on US servers.
On Nov 5, 2013 10:23 PM, "[email protected]" <[email protected]>
wrote:
> I agree that the openpgpjs project is probably developed mostly in Europe,
> etc., and that U.S. export control laws don't apply there. But those laws
> do apply in the U.S. and require a simple one-time notification to be sent.
>
> If the project contributors intentionally decide that contributors who are
> U.S. persons should be excluded from participating in the project, that's
> okay, but it should be an explicit decision.
>
> If U.S. contributors are welcome, then sending the notification is a small
> price to pay. If not, then why not warn U.S. contributors to be aware of
> their vulnerable position if they choose to contribute?
>
>
> ------------------------------------------------------
>
> Hi,
>
> IANAL, but I'm pretty sure there is no requirement for requesting any
> permit for exporting OpenPGP.js. Debian is registered as some kind of
> non-profit organization in the US. What exactly makes OpenPGP.js American?
> American export laws only apply to Americans. Either way:
>
> Zimmermann was freed from similar charges: "After a report from RSA Data
> Security, Inc., who were in a licensing dispute with regard to use of the
> RSA algorithm in PGP, the United States Customs Service started a criminal
> investigation of Zimmermann, for allegedly violating the Arms Export
> Control Act.[3] The United States Government had long regarded
> cryptographic software as a munition, and thus subject to arms trafficking
> export controls. At that time, the boundary between what cryptography was
> permitted ("low-strength") and impermissible ("high-strength") for export
> from the United States was placed such that PGP fell on the
> too-strong-to-export side of the boundary. The boundary for legal export
> has since been raised and now allows PGP to be exported. The investigation
> lasted three years, but was finally dropped without filing charges." -
> http://en.wikipedia.org/wiki/Phil_Zimmermann#Criminal_investigation
>
> 6. In §742.15, the licensing policy section for exports and reexports of
> encryption items is changed as follows:
>
> a. Review and classification are required by BXA before certain encryption
> items can be released from "EI" and "NS" controls under ECCNs 5A992, 5D992
> and 5E992. These items include: 64-bit mass market encryption commodities
> and software; certain encryption items up to and including 56-bits; and
> asymmetric key exchange algorithms not exceeding 512 bits or an elliptic
> curve at 112 bits. *Encryption items under these ECCNs do not require a
> license or license exception and may be exported and reexported as "NLR"
> (No License Required).*
>
> "Legal challenges by Peter Junger and other civil libertarians and privacy
> advocates, the widespread availability of encryption software outside the
> U.S., and the perception by many companies that adverse publicity about
> weak encryption was limiting their sales and the growth of e-commerce, led
> to a series of relaxations in US export controls, culminating in 1996 in
> President Bill Clinton signing the Executive order 13026[7] transferring
> the commercial encryption from the Munition List to the Commerce Control
> List. Furthermore, the order stated that, "the software shall not be
> considered or treated as 'technology'" in the sense of Export
> Administration Regulations. This order permitted the United States
> Department of Commerce to implement rules that greatly simplified the
> export of commercial and open source software containing cryptography,
> which they did in 2000." -
> http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States#PC_era
>
> On 10/29/2013 08:18 AM, [email protected] wrote:
>
> Contributors based in the United States are required by US law to notify
> the Bureau of Export Administration when making open-source encryption code
> available publicly. This may also apply for projects hosted in the US.
>
> See this Debian notification for an example:
> http://www.debian.org/legal/notificationforarchive.en.html
>
> *Has this been done for openpgpjs yet?* If not, should this task be added
> to the list?
>
> (More information available from EPIC here:
> http://epic.org/crypto/export_controls/regs_1_00.html )
>
>
> _______________________________________________
>
> http://openpgpjs.org
> Subscribe/unsubscribe: http://list.openpgpjs.org
>