Other issues in this category (14)
Everybody is free
Tuesday, November 7, 2017
Previously it was believed that free software was so free that anyone could use it: the license under which it was distributed guaranteed just that. However, on September 5, 2017, everything changed:
By downloading Fedora software, you acknowledge that you understand all of the following: Fedora software and technical information may be subject to the U.S. Export Administration Regulations (the “EAR”) and other U.S. and foreign laws and may not be exported, re-exported or transferred (a) to a prohibited destination country under the EAR or U.S. sanctions regulations (currently Cuba, Iran, North Korea, Sudan, Syria, and the Crimea Region of Ukraine, subject to change as posted by the United States government);
We are drawing our readers' attention to this news because it is directly related to their information security.
Let's check the GPL v3 text. It is not the only license under which free software is distributed, but a huge number of programs for Linux are available under GPL v3.
When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things.
It looks like the restrictions may not apply to source code or to distributions (and their updates). For example, in accordance with §742.15 (b), software source code and binaries are available to the public and aren't subject to EAR regulations. But this clarification is not complete because the possibility of restricting access to the source code in accordance with "other US and foreign laws" remains.
This is not the first incident of a software program's availability being restricted (seems like we're back in the Middle Ages when the lower estates weren't allowed to attend schools; it’s even hard to believe that we live in the XXI century).
In mid-January 2010, the largest open project hosts, such as SourceForge and Google Code, received emails instructing that they should no longer provide access to open source projects because they may incorporate certain technologies whose export from the USA is prohibited. In that case "certain technologies" meant cryptography — all of it.
SourceForge and Google Code shrugged, issued an apology to their users, and complied—after all, they were nothing more than ordinary US companies and had to obey the law.
These incidents show that a company or an individual who chooses to use foreign software can at any moment be not only deprived of access to new versions but also to security updates — and thus their systems will become tempting targets for attackers (or, perhaps, for certain governmental agencies).#free_software #foreign #security
The Anti-virus Times recommends
P.S. This issue is devoted solely to the security of information.