[CentOS] [CentOS-announce] CentOS Project joins forces with Red Hat

[Robert Moskowitz]

On 01/16/2014 10:45 PM, Stephen Harris wrote:
> On Thu, Jan 16, 2014 at 10:29:09PM -0500, Joseph Godino wrote:
>> stating and what it was referring to. Please retract the word new.
> That's the point though.  If "you" (for generic values of "you") export
> code under US legal restriction from the US then you're in breach of
> US regulations.  Whether you know about it or not.
>
> Fun, huh?
>
> If "you" run a mirror then you get to determine your legal risk and
> whether you should keep the mirror.  The CentOS team are not lawyers;
> they can't tell you.
>
> It's a fun legal question as to who does the export; the person
> making available for export on a web site or the person downloading
> from that website.  As far as I know it's not really settled.  In
> my opinion the RedHat wording is a prayer hoping that'll cover them :-)
> But I'm not a lawyer, either!

At one point a major unix manufacturer tried to get around this by 
having the crypto code written in another country by citizens of that 
country. They got shut down as re-exporting. In the end, they had to 
ship broken software that required customers to optain the critical code 
from this other country. This was part of our action to show how 
unenforceable ITAR was wrt cryptography as munitions. Some likened it to 
shipping guns without firing pins or ammo; which were readily available 
from other sources.

But at any point, someone in State can decide someone's actions violate 
the law and go after them. Ask Phil Zimmerman...