Re: EAR, entity list ruling and impact on FOSS community in China

Thank you Neil and Board for the background information. 

We have the same understanding with what Neil. If GNOME Foundation have some formal statement or blog, we will be happy to translate and spread in China. As Neil said," Thus, we have nothing to have a EAR statement about. " My understanding is it equals to we have nothing to worry about. This is what we want to hear from GNOME Foundation. 

Thanks again, 

Neil McGovern <neil gnome org> 于2019年6月6日周四 上午2:00写道:
Hi Emily,

The board has asked me to reply to you.

On Wed, 2019-05-22 at 15:18 +0800, Emily Chen via board-list wrote:
> I am writing to get your advice on how to spread the right message
> and communicate with China developers, how we interpret those
> regulations and its impact to China Free and OSS community, companies
> and developers. Kaiyuanshe (Open Source Alliance) is a platform in
> China which is helping to bridging the China and international
> community, convey the right messages. Linux Foundation has already
> send out the clarification statement. I would encourage GNOME
> foundation response the same. A word or clarification from GNOME
> Foundation will be very helpful.

Firstly, a bit of background may be useful.

Historically, United States laws placed restrictions on the export of
certain defense articles, which, unfortunately, included some types of
cryptographic software. PGP and SSH, among others, fell into this

In 2001, this changed to allow open source software to be exported -
both in source and binary form, as long as various US departments were
notified of the software, with each new version. Debian did this in an
automated way, and soon the departments emailed asking Debian to stop
flooding their inboxes.
In fact, in 2016, the regulations were changed again to ensure that
only one notification was required per package, and as long as the main
cryptographic code didn't change, no further action was needed.

In terms of GNOME, I don't believe we are creating or distributing any
cryptographic software - we rely on other packages and libraries to do
this for us. Thus, we have nothing to have a EAR statement about.

Why the long explanation? Well, the way that the restrictions on Huawei
have been implemented is via this EAR mechanism, and nothing else.
Basically, it means you cannot distribute proprietary strong encryption
to Huawei, or to Iran, Cuba etc. It doesn't affect open source
software, and as GNOME doesn't directly produce cryptographic software,
it doesn't affect us anyway.

As for a general public statement, I'd want to get lawyers involved
before having any statement on the website, as it's a legal question.
Do you think the above is enough for you, or should I pursue asking
lawyers for more information?

I hope this helps set aside some of your concerns.

Neil McGovern
Executive Director, The GNOME Foundation

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]