Why do I have to agree with USA law when installing Fedora or openSUSE ?

warmaster , 23 days ago (edited 23 days ago)

Wait a minute, so using Fedora in Cuba (for example) is illegal?

Leeker , 23 days ago

If it is for the Government of Cuba then yes. However, individuals can utilize the software.

This is the Bureau of Industry and Security website

This is the law itself

mvirts , 23 days ago

Just the transmitting the export restricted (mostly cryptography algorithms) parts from the us directly or indirectly

ILikeBoobies , 23 days ago

To avoid being sanctioned themselves

It’s helpful to follow if you want to deal with the US government

TheAnonymouseJoker , 23 days ago

That is the reason I will never be found using Fedora.

0x0 , 23 days ago

I thought OpenSUSE is German, so why would you export it?

The only rationale is that it ships with cryptography that's made in 'murica and probably stored in US servers, hence the export warning.

lemmyreader OP , 23 days ago

openSUSE has German origins, but was bought in the past by Novell in USA, then went into other USA hands, and then it was sold to a Swedish company's German sub division, and located in Luxembourg. https://en.wikipedia.org/wiki/SUSE_S.A.

0x0 , 22 days ago

And then they continued by not implementing the certified format correctly in Office anyway.

Enter the hefty fines. Like 5% of last year's revenue.

ardorhb , 23 days ago

I guess it’s because US laws likes to pretend to be in force world wide … which they are not.

Jimmyeatsausage , 23 days ago

They ARE in force for exports...including software.

ricdeh , 22 days ago

No, they are not. Sovereign countries are bound by the WTO (World Trade Organisation), not US export laws.

Jimmyeatsausage , 22 days ago

"Among other restrictions, US federal law controls the export of strong cryptographic materials, which are classified as a munition. Under these restrictions, the Fedora Project cannot export or provide Fedora software to any forbidden entity, including through the FreeMedia program"

You should let Fedora know that.

chalk46 , 23 days ago

oh yeah, I'm sure that'll work 👍
about as effective as a mystical incantation

ricdeh , 22 days ago

I kind of feel coerced by that text into sending a copy of OpenSUSE Leap to some obscure nuclear missile programme now, just for the sake of it

possiblylinux127 , 24 days ago

Code should be protected under the first amendment

halm , 24 days ago

Sure, but again. That is only legally binding in US jurisdiction?

hangukdise , 23 days ago

Only binding in the USA. Thoroughly ignored outside of it.

Observer1199 , 23 days ago

[Thread, post or comment was deleted by the author]

possiblylinux127 , 23 days ago

https://www.eff.org/cases/bernstein-v-us-dept-justice

https://en.wikipedia.org/wiki/Bernstein_v._United_States

Observer1199 , 23 days ago

[Thread, post or comment was deleted by the author]

ricdeh , 22 days ago

Maybe consult the literature they linked? I don't know what special enlightenment you received that you know better than anyone else in the world about the US Constitution First Amendment, but regardless, in the scope of the topic (cryptographic algorithms), they are completely right.

Telodzrum , 23 days ago

Source code is — Bernstein v. United States Department of Justice

possiblylinux127 , 23 days ago

You are correct

lemmyreader OP , 23 days ago

Thanks for mentioning this.

https://en.wikipedia.org/wiki/Bernstein_v._United_States

The government modified the regulations again, substantially loosening them, and
Bernstein, now a professor at the University of Illinois at Chicago, challenged them
again. This time, he chose to represent himself, although he had no formal legal
training. On October 15, 2003, almost nine years after Bernstein first brought the
case, the judge dismissed it and asked Bernstein to come back when the government made
a "concrete threat".

technocrit , 23 days ago

There's no free speech under capitalism.

https://en.wikipedia.org/wiki/Software_copyright

possiblylinux127 , 23 days ago

Keep your Communist ideals out if this please

Aria , 22 days ago

Communism and Linux are completely unrelated.

possiblylinux127 , 22 days ago

They are

Aria , 22 days ago

No part of open source puts value in collaboration and democratising the means of the production. Free software is definitely not about reducing inherent contradictions and exploitation that arise from your livelihood being dependant on someone else's private property.

Though sometimes you get confused randos like this saying stuff they don't understand, probably where the confusion stems from.

https://news.itsfoss.com/content/images/2023/06/linus-torvalds-reply.jpg

lemmyreader OP , 22 days ago

That sounds like the real Linus alright. Was that on Tw(X)tter or Threads or Bluesky or Mastodon ?

Aria , 22 days ago

The Akkoma instance hosted on kernel.org
https://social.kernel.org/notice/AWSXomDbvdxKgOxVAm

lemmyreader OP , 22 days ago

Wow! Thank you 🙂 🐧

ricdeh , 22 days ago

There is free speech in pretty much every capitalist country on the planet, but not in a single communist or socialist country of the present or past.

Bitrot , 24 days ago

Check out https://wiki.debian.org/USExportControl

BCsven , 24 days ago

Its a CYA for SUSE. Certain technologies aren't permitted to be shared outside of USA unless you go through the ETAR and assign if it commerically restricted/unrestricted, etc.
If you are in USA you are bound by this anyway, even without a EULA.

They don't know what you may install or transfer, even though it is opensource and you could download in another country.

We get hung up with this at work. We may have a software issue and send to USA parent company for review, they then need to know if the data represents a certain class so they can direct where (country) the software review or fix can be sent for evaluation.

There are obious things like military, but then there are commercial, transit infrastructure, aero, etc.

But it can get stupid, like the parent company received a CAD file I sent in as a demomstration of a display bug. i made a cube 4x4x4. the agent wanted to know what ETAR class it was, I argued it isn't because it is a cube I made as demo only, they would not review till i choose a class from a long list. None applied. But I had to pick one for them to proceed. So somewhere some guy is doing data chain of custody on a cube. lol

In cases where it does fall into restricted commercial interest or other restrictions only a USA citizen can work on the data.

This agreement poses no restrictiona on you that aren't already present if you are in the USA. And you shouldn't need to worry, unless you actively are designing or stealing data to hand over to a USA "enemy" for purposes of espionage , war, weapons etc

lemmyreader OP , 24 days ago

Its a CYA for SUSE. Certain technologies aren’t permitted to be shared outside of USA unless you go
through the ETAR and assign if it commerically restricted/unrestricted, etc. If you are in USA you are
bound by this anyway, even without a EULA.

Thanks. Yes, I noticed that openSUSE mentions it takes its sources from SLES Enterprise version (and Fedora is connected with RedHat RHLE Enterprise USA) so I guess that's where the corporate lawyers started chiming in :)

BCsven , 24 days ago

Yeah, exactly. with OpenSUSE having SUSE binaries I'm sure they legal mumbo jumbo just tranafers for covering all scenarios

kbal , 24 days ago

Certain technologies aren't permitted to be shared outside of USA unless you go through the ETAR

I'm guessing you mean ITAR, if anyone's having trouble searching for it.

BCsven , 24 days ago

Yeah sorry EAR, and ITAR.

z00s , 23 days ago

Cya?

hackerwacker , 22 days ago

Cover Your Ass. i.e. avoiding trouble from the Washington regime

BCsven , 22 days ago

Cover Your Ass

GolfNovemberUniform , 24 days ago

Why don't you use a distro that doesn't have such terms?

Lucien , 24 days ago

They all technically are subject to the same terms, they just don't bug you about it the way suse does

lemmyreader OP , 23 days ago

So if I help someone in Sudan, Syria or Iran to install Debian GNU/Linux I can be arrested by means of USA law, right ?

catloaf , 23 days ago

Possibly, though extremely unlikely. They wouldn't care unless you were doing it to help set up a nuclear weapons program or something.

This also assumes you're American, or working from the US. If you're French and working from France, for example, you'd be subject to French law, not American law.

Lucien , 23 days ago

No, not if you're not American

ricdeh , 22 days ago

They can do that, but that's not the topic of the post.

ReversalHatchery , 21 days ago

It seems it's often unclear whether it does. A user under this post has linked Debian's wiki page that writes about this, and they don't have a definitive answer either, just pointers on how to make sure that you are safe

catloaf , 24 days ago

Because their lawyers said so. Canonical is based in England so their lawyers didn't say so. I don't know where the Debian project is based. OpenSUSE is based in Germany so I'm not sure why they feel the need, but I assume that's what the lawyers said they need to do.

wildbus8979 , 24 days ago

Debian doesn't have a legal entity, it's based out of nowhere. Always has been.

Bitrot , 24 days ago

Debian is legally part of Software in the Public Interest, Inc., which it also founded.

wildbus8979 , 24 days ago

No it isn't. The foundation only holds on to the trademarks and logos. It also allows the group to hold funds.

The project itself isn't held, led, or otherwise directed by the foundation.

Bitrot , 24 days ago

Eh, you’re right.

The legal identity of an SPI associated project is not changed through their association with SPI, nor does it become part of SPI

wildbus8979 , 24 days ago

It was founded for donations. Hard to do if they aren’t legally associated.

Not at all hard to do. The foundation receives funds and gives them out to whomever. That's it.

IsoKiero , 24 days ago

I don’t know where the Debian project is based.

Trademark and at least some copyright for the project is owned by an entity in the New York and Ian Murdoch who started the project was US citizen. But calling the whole project as USA based is wrong, it is based 'on the internet' as even the core team is spread across the globe.

Drito , 24 days ago

Maybe because Suse company wants to make business in USA.

ReversalHatchery , 21 days ago

OP says openSUSE changed hands many times since then

https://beehaw.org/comment/3353517

socphoenix , 24 days ago

This has to do with encryption protocols. Offhand my assumption is either they are trying to be extra cautious as the rules are incredibly complex, or they have a different algorithm included by default that would be subject to those rules.

Hobbes_Dent , 24 days ago (edited 24 days ago)

It is my limited understanding that encryption beyond a certain level is illegal to export from the US. For example one of the positives of OpenBSD being based in Canada was is the ability to include crypto at a level that that the US wouldn’t permit to export.

From https://www.openbsd.org/crypto.html

Edit: tense

cygnus , 24 days ago

OpenBSD being based in Canada

Huh, TIL... That's cool!

Bitrot , 24 days ago

Wouldn’t at the time. A lot of the restrictions on encryption algorithms themselves were loosened in the 90s after successful court cases ruling that source code was free speech.

possiblylinux127 , 24 days ago (edited 23 days ago)

It hasn't been illegal for a while now. Encryption is protected under free speech. (The Ninth Circuit Court of Appeals ruled in our favor)

ShadowCatEXE , 24 days ago

Out of curiosity, would they be subject to these laws/protocols/regulations if they are (developers or organization) based in the US, but offer releases hosted elsewhere in the world AND/OR develop the product with code hosted elsewhere in the world?

BCsven , 24 days ago

It's one of those bureacratic things. You could download OpenSUSE in a restricted country and install it, but if you were in the USA and transfered the data to a restricted country you would be in violation of ETAR restrictions, even without the EULA

possiblylinux127 , 24 days ago (edited 23 days ago)

Cryptography is protected under the first amendment

A while back the NSA tried to argue it was a weapon and subject to weapons export restrictions but that was shot down in court