On Wed, Feb 3, 2021 at 11:13 AM Niels Möller nisse@lysator.liu.se wrote:
... I've had look at the terms and conditions, http://security.marist.edu/LinuxOne/TC.PDF. Most of it looks very reasonable, but there are a few items that I find a bit unclear:
- [...] You agree to obey all relevant New York State and US laws, including all export controls laws.
My understanding is that US export control laws don't apply to FOSS software (and that's why, e.g., Debian no longer have special non-us mirrors for distributing cryptographic software). But I don't know the details, and if there really isn't a problem, why is it mentioned explicitly in the terms and conditions?
IBM is a US company. It has to comply with the export laws.
For an open source project you have to email the encryption coordinator (the NSA) with a link to the project's website and source files. Also see https://www.eff.org/deeplinks/2019/08/us-export-controls-and-published-encry....
Jeff