Code contributions, ITAR/EAR, incrimination vs. contribution
Frank J. Beckmann
frank at vogon.agala.harz.de
Sat Nov 14 01:44:27 CET 1998
On Wed, Nov 11, 1998 at 05:14:38PM -0800, Caskey L. Dickson wrote:
> On Wed, 11 Nov 1998, brian moore wrote:
> > On Tue, Nov 10, 1998 at 08:54:23PM -0800, Caskey L. Dickson wrote:
> > > On Tue, 10 Nov 1998, brian moore wrote:
> > >
> > > > I think the biggest problem is for those of us in the US, though.
> > > > Signing such a thing could be incriminatory.
> > >
> > > IANAL: The FSF takes their role of defending free software very seriously.
> > Sort of a catch-22: if you do major work it can't be included or the
> > code would be compromised, but if you sign the form so it can be
> > included, you've admitted to a crime.
> > It makes it rather difficult to do much in the US except compile.
> Perhaps. The admitting to working on a project that has the potential to
> be in violation of the ITAR/EAR when you upload your contributions is a
> sticky problem. Otoh, provided you aren't contributing code to the core
> crypto engine then you aren't really doing anything. Key management, for
> instance, isn't crypto, but it is a large part of any security product.
AFAIK even exporting software that has only hooks to support crypto
software violates the ITAR/EAR rules.
More information about the Gnupg-devel