[CentOS] [CentOS-announce] CentOS Project joins forces with Red Hat

Fri Jan 17 13:04:54 UTC 2014
Robert Moskowitz <rgm at htt-consult.com>

On 01/16/2014 09:14 PM, Nux! wrote:
> On 08.01.2014 01:04, Always Learning wrote:
>> On Tue, 2014-01-07 at 21:09 +0000, Karanbir Singh wrote:
>>
>>> With great excitement I'd like to announce that we are joining the
>>> Red
>>> Hat family. The CentOS Project ( http://www.centos.org ) is joining
>>> forces with Red Hat. Working as part of the Open Source and Standards
>>> team ( http://community.redhat.com/ ) to foster rapid innovation
>>> beyond the platform into the next generation of emerging
>>> technologies.
>>> Working alongside the Fedora and RHEL ecosystems, we hope to further
>>> expand on the community offerings by providing a platform that is
>>> easily consumed, by other projects to promote their code while we
>>> maintain the established base.
>> But there is more to Red Hat's de facto "take-over" including the
>> imposition of USA's domestic law on citizens all around the world.
>>
>> The compulsory imposition of USA law on all Centos downloaders creates
>> the possibility of being arrested in one's home country and sent to
>> the
>> USA for a criminal trial.  A few people in Britain have been
>> extradited
>> to the USA for criminal trials for matters which are not criminal in
>> Britain.
>>
>> Can anyone remember seeing this on the old Centos .... ?
> These restrictions were always inherited. Theoretically if you use
> cryptographic software developed in USA you are "bound" to these rules.
> In many cases if you use for example OpenSSL in Windows, Ubuntu,
> Android etc etc you are still affected (I think), it's just that now
> it's written somewhere.
> In practice this is not very relevant and also pretty unenforceable;
> not to mention that - to my understanding - it contradicts the GPL.
> RH needs to specify this legal bit so uncle Sam is happy. Just do
> whatever everyone else does, ignore it.

ITAR is a 1947 treaty the binds all signatures to treat cryptographic 
'artifacts' as munitions and abide by the export restrictions that exist 
for all munitions. Period. Full stop.

This includes Crackerjacks (tm) encoder rings that I played with as a 
kid! Really! Someone in the US State department figured this out.

The only exception in the treaty is cryptographic academic papers (how 
we got pgpv3 exported, in book form); but even this got challenged 
because of the pgp export.

And like all treaty provisions regarding munitions export, they are open 
to interpretaton and enforcement. I leave the rest of the logic, or lack 
thereof to you.

(I lived this very closely back in the late '90s. I could, and have, 
tell you stories of the conversations back then)