Code contributions, ITAR/EAR, incrimination vs. contribution
Caskey L. Dickson
caskey at technocage.com
Wed Nov 11 17:14:38 CET 1998
On Wed, 11 Nov 1998, brian moore wrote:
> On Tue, Nov 10, 1998 at 08:54:23PM -0800, Caskey L. Dickson wrote:
> > On Tue, 10 Nov 1998, brian moore wrote:
> >
> > > I think the biggest problem is for those of us in the US, though.
> > > Signing such a thing could be incriminatory.
> >
> > IANAL: The FSF takes their role of defending free software very seriously.
>
> Sort of a catch-22: if you do major work it can't be included or the
> code would be compromised, but if you sign the form so it can be
> included, you've admitted to a crime.
>
> It makes it rather difficult to do much in the US except compile.
Perhaps. The admitting to working on a project that has the potential to
be in violation of the ITAR/EAR when you upload your contributions is a
sticky problem. Otoh, provided you aren't contributing code to the core
crypto engine then you aren't really doing anything. Key management, for
instance, isn't crypto, but it is a large part of any security product.
For example, I would feel perfectly justified distributing a key server
from inside the US without concern. It is no more a crypto product than
an egg timer is a bomb, despite the fact that they go well together.
I would liken this to the various regulations regarding gun sales in the
US. Most any parts are available through mail order or OTC, but the frame
itself (stamped with a serial number) can only be bought through a
licensed gun dealer.
For GnuPG the 'frame' of the weapon is the encryption/decryption modules
(cipher.c, decrypt.c, encr-data.c, etc...) while the rest is just
supporting stuff that, in and of itself, is not in any way subject to
restriction.
Again, IANAL, and I applaud Werner's attention to detail as regards
protecting the source of GnuPG from potential 'corruption' that would
subvert the goals of GnuWare.
C=)
P.S. (unrelated) For those looking, I haven't yet updated my RPM spec page
with the latest work sent by Ross Golder, I hope to have time today.
--------------------------------------------------------------------------
Heuer's Law: Any feature is a bug unless it can be turned off.
--------------------------------------------------------------------------
Caskey <caskey*technocage.com> /// pager.818.698.2306
TechnoCage Inc. ///| gpg: aiiieeeeeee!!!
--------------------------------------------------------------------------
Early bird gets the worm, but the second mouse gets the cheese.
More information about the Gnupg-devel
mailing list