New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
authority issues about trade issues on EAR #10923
Comments
We are not US based, and most specifically, our main source code repo isn't. Does that answer your question? |
To clarify that a little:. Our developers are based all over the world. We may and do receive contributions from anyone in any country (including China and the US). The source code repo is based in servers that are outside the US. The OpenSSL Software Foundation is a US incorporated company. However when you download source code from www.openssl.org you are not downloading it from the US. We're not lawyers. If you want legal advice you should speak to a a lawyer. |
This is dangerously inaccurate. When you download from that website, you are actually connecting to a global CDN, and depending on where you are, you will probably end up talking to a server that is in, or "close to" then country where your browser is. Regardless, that CDN is a US company and it will obey US rules. According to https://www.openssl.org/source/gitrepo.html, you can download directly from an OpenSSL server, git.openssl.org hosted by SpaceNet AG. According to https://www.openssl.org/community/thanks.html) they are not a US corporation, by my view of traceroute output, that server is not in the United States. As Matt said, OSF is a US corporation; last I knew it used a US bank and at least for some of its legal services, US lawyers. The first means it must follow US rules, the second means there is a way to exert pressure, and the third means that they are likely to be told to cooperate. For example, if the US said "stop paying your staff because they contribute code to China" then Matt and Richard become volunteers, at least for a time. Another possible scenario is that the US decides that charitable contributions from Huawei should not be accepted because of US concerns about that company's 5G work. NOW, having said all that, the US changed the export regulations a long time ago so that open source was no longer export-controlled. I cannot imagine that they will change that, nor will they be able to; the industry, including the largest computer firms in the world, would be likely to fight that. I am not a lawyer. Hire one and get advice. Or just do whatever everyone else does because they won't come for you, they'll come for bigger folks. |
That's a good point and something I had over looked. Thanks for the clarification. |
wow, Very thoughtful advice! Thanks. |
We are concerned about the authority of openssl as recently arised trade issues between US and the rest of the world (especially China). We are looking forward to get your official answers for the questions below:
The text was updated successfully, but these errors were encountered: