Forgot your password?
typodupeerror
Red Hat Software Open Source Privacy Your Rights Online

Fedora To Have a "Don't Ask, Don't Tell" For Contributors 212

Posted by timothy
from the the-right-kind-of-discretion dept.
An anonymous reader writes "The Fedora Project is now going to enforce a "Don't Ask, Don't Tell" policy for contributors. What the project's engineering committee is asking their members to conceal is a contributor's nationality, country of origin, or area of residence. There's growing concern about software development contributions coming from export restricted countries by the US (Cuba, Iran, North Korea, Sudan, and Syria) with Red Hat being based out of North Carolina, but should these governmental restrictions apply to an open-source software project?"
This discussion has been archived. No new comments can be posted.

Fedora To Have a "Don't Ask, Don't Tell" For Contributors

Comments Filter:
  • by pla (258480) on Thursday March 06, 2014 @01:12PM (#46420339) Journal
    Do they apply to US-based commercial products?

    No. No, they do not, for one simple reason - Microsoft doesn't take source code from their userbase and roll it into the next release of Windows. The entire issue simply doesn't come up with closed source, because no one outside has access to the source code in the first place.

    Red Hat's problem in this situation really has no analog in the conventional business world. ITAR 18 USC 2339B simply don't address the situation of accepting material support from blacklisted entities. They just want to make sure that our ever-growing list of enemies doesn't someday someday require purging millions of lines of functioning source code. "Well what do we have here... Looks like you accepted code from one of those evil bastard terrorist(tm) Finns - Get ready for PMITA!"
  • by Anonymous Coward on Thursday March 06, 2014 @01:13PM (#46420361)

    That worked so well for GnutTLS. Thousands of eyes have looked over that code for years, and missed it. Open source didn't live up to it's hype in this case.

  • Re:Absolutely (Score:5, Informative)

    by Anubis IV (1279820) on Thursday March 06, 2014 @01:20PM (#46420435)

    The situations are rather different. The stated purpose of the US military's DADT policy (which was repealed back in 2011, incidentally) was to allow homosexuals to serve while eliminating the perceived drawbacks (specifically, a reduction in unit cohesion and morale) that came with having them serve openly.

    In contrast, the stated reason export restrictions are in place is to sanction or otherwise prevent the sharing of goods and information with certain countries. Fedora's DADT policy does nothing to address those issues, since those reasons are intact, regardless of whether the individual's nationality is known or not. If anything, it may make the problem worse by providing a false sense of legitimacy and legality to the nature of the business relationship, encouraging others to break the law as well. All Fedora is trying to do is eliminate their own culpability through willful ignorance, but the law makes it clear that they are required to proactively ensure that the people they share their data with are not from export-restricted countries. Willful ignorance is no excuse.

    To be clear, I'm NOT addressing the topic of how things ought to work, how things should be, or whether these restrictions make any sense at all. That's a discussion for another comment thread.

  • Re:Absolutely (Score:5, Informative)

    by Immerman (2627577) on Thursday March 06, 2014 @01:23PM (#46420463)

    No, but it can be good enough for a jury to find them non-guilty despite the facts - a tradition that extends throughout US history and long before.

    Remember, your obligation as a juror is not just to judge the facts of the case, but to ensure that justice is served. Despite the law if necessary. see Jury Nullification for more information.

  • by vux984 (928602) on Thursday March 06, 2014 @02:41PM (#46421255)

    One of the items I have to certify when using open-source in a corporate environment is that there is no foreign content.

    That's pretty idiotic. Most projects involve foreign content. All it takes is one stealthy Canadian and you can't use it? What about Canadians living in the United States? Is that still foreign? Just how xenophobic are you?

    Do you vet each commericial package as well to make sure they don't have a single line of code produced in India?

    No one is going to go through the source code from something like OpenOffice and look for malicious code, and show that it does not exist, if it has off-shore content, it will not be used, period.

    Enjoy going back to pen and paper then, you won't find much software anywhere that you can demonstrate has no "off-shore" content.

All the evidence concerning the universe has not yet been collected, so there's still hope.

Working...