Thanks, Bruce. The part about (the possibility that) squeak source is configured to restrict distribution was the missing piece for me. I had previously assumed (hah!) that it would be available to anyone anywhere.
On Sun, May 31, 2020, 10:39 Bruce O'Neel <bruce.on...@pckswarms.ch> wrote: > > Hi, > > So addressing only the crypto software issue and with the caveat that I am > also not a lawyer but I have had to deal with certain aspects of this in > the past.... > > Crypto software is one of those bizarre dual use items in terms of arms > imports and exports. While we as geeks just think of this is software or > mathematics and might be confused as to why governments care, governments > do care deeply about this. And their way of expressing how much they care > about this issue is by passing laws and prosecuting folks. > > One of the easiest ways to get in trouble is for one to make the software > available to residents and/or citizens of certain countries as well as > available to people on a long list kept by different governments. We can > have a long debate about the morality of this concept but those who make > the laws have decided that is the law. And often these laws are crafted > such that the executive can change important details on short notice and > that puts the risk of prosecution at the whims of different world leaders. > > The license that the software is released under is not important. > > What Ron is stating is that squeak source supplied some additional > protections to prevent accidentally making the software available to folks > who the US feels should not have access. > > If you have moved the software to another hosting provider without the > permission or knowledge of the author, and therefore the owner of the > software, you have put that person at additional risk. In addition you and > the hosting provider are taking on additional risk. > > If it was moved to GitHub I strongly recommend reviewing their policies on > trade controls and what risks you assume. > > https://help.github.com/en/github/site-policy/github-and-trade-controls > > > Finally I would strongly recommend talking to a competent legal advisor > who is deeply familiar with the details of these laws. They are complex > and highly variable between different parts of the world. > > I know this seems like a lot of trouble and wasted time but you can spend > a giant amount of time and money defending oneself from arms trafficking > charges. > > cheers > > bruce > > *30 May 2020 14:43 Stéphane Ducasse <stephane.duca...@inria.fr > <stephane.duca...@inria.fr>> wrote:* > > Hi all > > This is the week-end and we worked super well yesterday during the sprint. > Lot of good enhancements - Thanks a lot to all the participants. > I not really happy to be forced to do it on a sunny saturday but I’m doing > it to clarify points. > > Esteban sent me this text that was posted on Squeak-Dev (I personally do > not read squeak related forums because > I have not the time and my focus is Pharo, its consortium, my team, my > research and my family). > > We have to react because > - We do not really at ***all** understand this email > - We did not kicked anybody from our mailing-list from ages - so ron is > lying. In the past we even had discussion with ron - so we do not > really understand. May be we got problem to log on our mailing-lists. > We have no idea because we are working and not looking at such things. > - When we migrated smalltalkhub to readonly we payed attention to make > sure that private projects stay private. > We did not migrated smalltalkhub for fun. We MUST do it or it will be done > by our infrastructure! > - Now the cryptography packages are MIT and they are public anyway. So > again we do not understand anything. > > We do not get why Ron contacted us because we announced the migration > publicly way in advance and we will keep > the Smalltalkhub frozen repo for at least next 5 years. > > I feel really sorry to hear such kind of email because we do not want to > fight with anybody. > Our goal is to make sure that people can work with Pharo and expand their > business and knowledge. > We are working hard to make sure that people can invent their future with > Pharo and people that know us personally > know that we are not lying. > > S > > > > Hi all, > > I've tried to work with the Pharo group but they keep kicking me out of > their mailing list. I've already mentioned this a number of times to the > Pharo group but nobody seems to care. > > BOLD BOLD BOLD PLEASE TAKE THIS SERIOUSLY BOLD BOLD BOLD > > I am not a lawyer but we used very good lawyers to make the squeaksource > repository a safe place to do cryptography work. If you are working on > cryptography DO NOT POST your code anywhere except squeaksource. > Especially if you are in the USA. The ONLY repository that is approved to > host our cryptography code in the USA and therefore not subject to criminal > violations is squeaksource. It is a CRIME in the USA to move code and make > it available on the internet for everyone to download! It must be hosted > on squeaksoruce.com or another location that is also properly registered. > > IF YOU COPIED CRYPTOGRAPHY CODE TO ANOTHER REPOSITORY THAT IS NOT > REGISTERED I would recommend you delete it immediately. > > END BOLD! > > Please feel free to post this to the Pharo mailing list because they > apparently do not want to hear from me! > > All the best, > > Ron Teitelbaum > > > > -------------------------------------------- > Stéphane Ducasse > http://stephane.ducasse.free.fr / http://www.pharo.org > 03 59 35 87 52 > Assistant: Aurore Dalle > FAX 03 59 57 78 50 > TEL 03 59 35 86 16 > S. Ducasse - Inria > 40, avenue Halley, > Parc Scientifique de la Haute Borne, Bât.A, Park Plaza > Villeneuve d'Ascq 59650 > France > > >