On Tue, Oct 23, 2012 at 11:51 AM, David Ashley <[email protected]>wrote:
> Linking to a crypto library is not a problem. But including the crypto
> code in our distribution library is a major hassle. It requires that
> declarations be filed with the US government
This is no longer true for Encryption source code that would be considered
"publicly available" (e.g. "open source.")
The rules for EAR have been greatly changed since the summer of 2010. Many
items have been removed from control as encryption items.
Publicly available source code is specifically exempted from registration
declarations.
This is backed up by the Open Source Initiative, a statement by the author
of the Botan library, and the Bureau of Industry and Security regulations
I've cited.
for exporting the code to
> other countries and we are responsible for ensuring that it does not
> fall into the wrong hands (a banned country). This is not a task that
> the development team should take on as it requires that we either obtain
> the procedural knowledge for ourselves or we find someone that is
> willing to help us file the required documents for each release we do.
>
We would not have to file any required documents under the new rules. We
just need to write an e-mail notification. Publicly available source code
is not required to submit an encryption registration, classification
request, or even a self-classification report.
> I deal with this all the time here at IBM for AIX distribution. It is a
> major hassle.
>
But that is not publicly available open source code is it?
I saw something on SourceForge that indicated they would help with
clarifications here. SourceForge has a vested interest in ensuring they
are not in violation of the EAR. I'll follow up with their help, and also
see if the Open Source Initiative has some additional help.
I agree this is not something to take lightly, and in 2008 we would most
definitely have had to file formal documents or be liable for prosecution.
However, after spending about 6 hours researching this, I think we can do
this with a simple e-mail.
--
Mark Miesfeld
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Oorexx-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/oorexx-devel
