On Wed, 17 Aug 2022 10:05:59 +0930, Simon Lees wrote:
The section from Richard's first email also states that the *software* is covered under the terms of US Export Control, everyone agrees to these terms when running the installer. If you were found to not be agreeing to such terms then your right to use the software would be revoked.
That's different than specific restrictions on use, though, such as the nuke example - that protects SUSE's trademarks only, but as the code is OSS, rebranding it is certainly doable. But also, it seems like it might be legally dubious to take code that I wrote and packaged to be included in openSUSE and to override my wishes as the author by enforcing different legal terms as to the use of the code. (This is a hypothetical, as I don't have code that's distributed as part fo the distro, and only have a couple of packages in OBS that I build from other peoples' code). But working from the export-restricted argument, if my (hypothetical) code doesn't include anything that's export-restricted, then distribution to individuals who want it would be permitted in any event. If I, as an author of code, live in the US, the embargoed countries for the US are still places I can't legally export things to, but if that code that I created is OSS and is distributed through a server in China by someone who "forked" the code by making a copy and not changing it, I'm not distributing the code to North Korea, but my code is ending up in North Korea nonetheless. What laws were broken in that instance? The license in openSUSE really is covering the specific collection of software distributed as openSUSE - but not the code itself.
In all likelyness the reason we have such terms is because in the past if we weren't seeming to do everything we could as a project to comply with US Export Control, and someone was to be found to be using openSUSE software in a way that was prohibited under export control law then the US government could equally apply similar prevention's on people interacting with openSUSE. As I said in a different email how export control applies to open source projects has now changed so this is now much less of a risk. But it is an example of us putting limits on the use of our software beyond what is covered by the other various licenses.
Yeah, that makes sense, and there is export-restricted code in the open- source world. But tracing it is pretty difficult to do outside of a specific distro. As a German company, is SUSE required to follow US Export restrictions? (Probably yes for distribution that takes place from the US; say it's hosted on a server in China, though....The law there is different, and someone from, say, North Korea, could legally obtain it from that server without any such restriction - as far as I know). -- Jim Henderson Please keep on-topic replies on the list so everyone benefits