Update: Shame on Sourceforge?

This is an update of a previous post.

Cool: Sourceforge now gives the leader of each project the choice to allow certain countries or not. So, if you are a project leader do the following like I did for timefinder: login -> Project Admin -> Export Controls -> this project does NOT incorporate …

Read here for more information.


7 thoughts on “Update: Shame on Sourceforge?

  1. Are you *really* sure you don’t use cryptography. A quick scan through your source code finds lots of passwords. Do you encrypt them?

    Remember, the rules include “calls to encryption in the operating system or underlying platform”

    Calling a library md5() or sha1() function is against US law.

    Do you feel lucky ?

    (project admin of 17th most active project on sourceforge – and about to leave….)

    • Why would md5() and sha1() be considered encryption?

      They’re hash functions–you cannot recover a password from a hash except by guessing the correct password. Even then all you know is that you have found one password that produces the same hash as the password the created the hash–you can’t know for certain that was the password that was actually used.

  2. You can legally export your software *directly* to Cuba.

    I am in the UK, and I can legally export mine there too.

    There is no UK/German/Cuban law to stop us.

    But SourceForge is in the US. You have uploaded your software to a server in the US. If you export it from the US to Cuba, then you are breaking US law.

    This is an “anti-terrorism” law – which means that the US can issue an international arrest warrant, and the european police will extradite you to the US.

  3. I set up a wiki for my projects at my own website and I think I’ll move or copy my stuff to http://www.origo.ethz.ch/. Both (and myself) are under Swiss jurisdiction. Even though I did not find out if there is or isn’t a Swiss law against exporting cryptography from Switzerland… in some cases encryption *is* a problem but that stuff is far too complicated for me 😦

    It’s definitely not possible to sign that statement sourceforge needs me to give for freeing my software. My PHP/MySQL/eGroupWare/Apache based stuff always might potentially use encryption – even without me knowing it.


Comments are closed.