more mirrormanager testing / unacceptable Export Restrictions

Matt Domsch Matt_Domsch at dell.com
Fri Apr 6 04:18:12 UTC 2007 

On Fri, Apr 06, 2007 at 04:30:49AM +0200, Rob van Nieuwkerk wrote:
> Hi Matt,
> 
> I created a FAS account some time ago.  I did not proceed with adding my
> site because this requires that you agree with the "Export Restrictions".
> 
> I don't see many sites added.  Probabaly because most people realize
> that it comes down to this:
> 
>       -------------------------------------------------------------
>       If you agree with these Export Restrictions you will violate
>       these rules anytime somone who isn't liked by the US downloads
>       any piece of Fedora from your mirror.
>       -------------------------------------------------------------
> 
> Run a mirror, help Red Hat, and get arrested next time you visit the USA ..
> 
> Besides any political or moral right/wrongness of these Export
> Restrictions it is of course TECHNICALLY COMPLETELY IMPOSSIBLE
> to comply with them !!!
> 
> The whole mirrormanager thing will (unfortunatly !) never work
> as long as agreeing to these Export Restrictions is required.

To be fair, this has noting to do with mirrormanager, except that
mirrormanager asks you to say you will comply.

The problem is that the US State Department considers software posted
on the Internet to be exports, and has certain rules about this.  Red
Hat, as a US-based company, must comply with these rules.

In reality, these rules apply today, regardless of mirrormanager.

You and I both know it's impossible to police every download from
every web server in the US or under the control of a US-based company
to ensure the person doing the downloading isn't a national of an
embargoed country, or is on the Denied Parties List or whatever other
rules there are.  And yes, the software has export licenses (license
TSU) allowing it to be exported almost anywhere to almost anyone.
Therein lies the problem - it's not really anyone anywhere, but
"almost".

I think the State Department knows it's impossible too.  They must
know.  So, we show due dilligence.  We have a notice on the FTP site
saying "if you're someone subject to US State Deparment restrictions,
you aren't allowed to download anything here."  But we don't
technically stop anyone from doing so.  The question is, must we
technically stop anyone from doing so?  Apparently not, I haven't
been asked to try - because it's impossible and everyone knows it.

So the notice is our Due Dilligence, and by asking you to agree too,
that's our Due Dilligence.  You post that notice, and it's your Due
Dilligence too.

That's my understanding of it.  IANAL, but as this has come up
repeatedly in the past, this has always been the tacit resolution.

 
> Mirror-admins: be very carful with what you sign or agree to !

Always wise.

-- 
Matt Domsch
Software Architect
Dell Linux Solutions linux.dell.com & www.dell.com/linux
Linux on Dell mailing lists @ http://lists.us.dell.com

More information about the Fedora-infrastructure-list mailing list