On 01/16/2014 10:45 PM, Stephen Harris wrote:
On Thu, Jan 16, 2014 at 10:29:09PM -0500, Joseph Godino wrote:
stating and what it was referring to. Please retract the word new.
That's the point though. If "you" (for generic values of "you") export code under US legal restriction from the US then you're in breach of US regulations. Whether you know about it or not.
Fun, huh?
If "you" run a mirror then you get to determine your legal risk and whether you should keep the mirror. The CentOS team are not lawyers; they can't tell you.
It's a fun legal question as to who does the export; the person making available for export on a web site or the person downloading from that website. As far as I know it's not really settled. In my opinion the RedHat wording is a prayer hoping that'll cover them :-) But I'm not a lawyer, either!
At one point a major unix manufacturer tried to get around this by having the crypto code written in another country by citizens of that country. They got shut down as re-exporting. In the end, they had to ship broken software that required customers to optain the critical code from this other country. This was part of our action to show how unenforceable ITAR was wrt cryptography as munitions. Some likened it to shipping guns without firing pins or ammo; which were readily available from other sources.
But at any point, someone in State can decide someone's actions violate the law and go after them. Ask Phil Zimmerman...