1165035 – Fedora license mentions obsolete EAR regulations

Bug 1165035 - Fedora license mentions obsolete EAR regulations

Summary: Fedora license mentions obsolete EAR regulations

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	distribution
Sub Component:
Version:	22
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Václav Pavlín
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	FE-Legal
TreeView+	depends on / blocked

Reported:	2014-11-18 07:59 UTC by Yuhong Bao
Modified:	2015-11-03 09:26 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-11-03 09:26:02 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Yuhong Bao 2014-11-18 07:59:21 UTC

From https://fedoraproject.org/wiki/Legal/Licenses/LicenseAgreement20 :
"5. EXPORT CONTROL. By downloading Fedora software, you
acknowledge that you understand all of the following: Fedora
software and technical information may be subject to the U.S. Export
Administration Regulations (the “EAR”) and other U.S. and foreign
laws and may not be exported, re-exported or transferred (a) to any
country listed in Country Group E:1 in Supplement No. 1 to part 740
of the EAR (currently, Cuba, Iran, North Korea, Sudan & Syria); (b)
to any prohibited destination or to any end user who has been
prohibited from participating in U.S. export transactions by any
federal agency of the U.S. government; or (c) for use in connection
with the design, development or production of nuclear, chemical or
biological weapons, or rocket systems, space launch vehicles, or
sounding rockets, or unmanned air vehicle systems. You may not
download Fedora software or technical information if you are
located in one of these countries or otherwise subject to these
restrictions. You may not provide Fedora software or technical
information to individuals or entities located in one of these
countries or otherwise subject to these restrictions. You are also
responsible for compliance with foreign law requirements applicable
to the import, export and use of Fedora software and technical
information. "
This is probably now obsolete with US export restriction changes in 2011:
https://www.federalregister.gov/articles/2011/01/07/2010-32803/publicly-available-mass-market-encryption-software-and-other-specified-publicly-available-encryption

Comment 1 Jaroslav Reznik 2015-03-03 16:30:44 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Comment 2 Jon Disnard 2015-04-07 22:43:51 UTC

This should probably go through Red Hat legal, I'm not a lawyer, and this is not legal advice.

So after spending time reading through the regulations, it is my opinion that Fedora may want to amend the export language to include a line about having a TSU exception, with ECCN 5D002. Basicly publicly available cryptographic software contained in Fedora is not regulated anymore.

For an example of this see the Yocto project [1] export compliance page. A simple one liner on the bottom appears to be the main difference.

https://www.yoctoproject.org/tools-resources/export-compliance

Comment 3 Tom "spot" Callaway 2015-11-03 09:26:02 UTC

The EAR language is correct. Fedora is ECCN 5D002, with a TSU exception, and we have been for quite some time. We keep that information here:

https://fedoraproject.org/wiki/Legal:Export

Note You need to log in before you can comment on or make changes to this bug.