Curious
Not that I care particularly one way or another, but I wonder what made them act now...
I doubt anybody from the US government even thought of asking them to do that.
Open-source code repository SourceForge.net has begun automatically blocking the internet addresses of users from countries such as Iran, North Korea, Cuba, Sudan, and Syria in an attempt to enforce a policy forbidding them from downloading free software. The move infuriated many purists of the free and open-source software …
.... who have Moved on and into Markets that Control All Such and Much Better Things.
"In a blog post Monday, SourceForge didn't say what prompted the move, but it did claim the change didn't sit well with the organization's ideals."
Some Bullying Idiot Boy, NSL, probably, from some Intellectually Challenged Terrorising Radicalised Imperial Fundamentalist Gagging Order in Dire Straits Need of Specialised PsychoTreatment in a Secure and Remote Environment, if and when it is a case of they can't or won't say because then they are to be hit with the Patriot Act Blunt Instrument and Private Club for Enforced Trauma and Delivered Chaos.
meanwhile in in undisclosed location in Iran....
"The curse of a thousand pox ridden camels on these dammed 'merkins Achmed, they have blocked my access to sourceforge and the software I need to create my weapons of mass destruction"
"That's OK Ali, here use my proxy software to give the impression that you are in the white house in 'merkin-land and download the software you need"
meanwhile in in undisclosed location in North Korea....
Once again, not real security, only the fig leaf of the impression of security so politicians can pretend they are doing something
Okay, so they must realise that this won't stop anyone with a bit of nous and/or determination from accessing any hosted code they want. At best it might be a hindrance to someone with a casual interest.
So this must be one of those "send a message" things. Who is the message for, I wonder?
I can't help thinking that this has precious little to do with Sourceforge and a lot more to do with the bully-boy diplomacy of the USA. Which means it's a bloody shame.
"One person commenting on the SourceForge blog argued the restriction is a violation of Section 5 of the open source definition which states licenses must not discriminate "against any person or group of persons." "
"One" is obvisouly completely off mark.
Any provision in a contract or licence that is illegal is of course superseded by law.
If the Law in the US says you can't distribute to Iran, then you can write whatever you fucking want in your licence, the licencee can ignore whatever part of the licence would force you to do something illegal.
Example: I buy a yogurt. The yogurt company proposes a contract whereby I can get 10c off if I agree to kill my neighbour.
Well, tough luck yogurt company, one side of the contract is void, and the other is not. Hence not only do I not need to kill my neighbour, but I'm still entitled to the 10c, even if I agreed I could have them only as a counterpart to killing my neighbour.
I am convinced the law is the same for licences, and you can just ignore the parts that would make you do something illegal, and still keep the rights to using the licence, as long as you comply with every legal provision in it.
To sum it up: "Section 5 of a document written by a guy (even a genius guy) Vs The Law, The Law wins"
The US law is not the world's law. SF is, I guess, legally required to prevent users in said countries from downloading from their US servers.
Since we're talking about Open Source, anyone can take that content, mirror it in another country that doesn't have a silly restriction on software exports, and the "bad guys" can have all they want legally.
I get the distinct impression a large closed source software vendor was behind this in some way - the countries involved are known to be quite keen on open source/cheap software.
Accepting an OS license doesn't oblige someone to distribute software. The only obligation an OS license of the copyleft kind creates is to ensure a distributor who makes binaries available also makes source available to those to whom binaries are distributed.
The fact that US law prevents distribution of some or all software to a list of countries doesn't prevent anyone outside the reach of US law from doing so.
The argument seems to be that exporting from the US to these countries isn't allowed under US law.
Last I checked, Sourceforge has servers in many countries, they can't ALL have similar laws with the same countries listed, can they?
I admit ignorance in the peculiarities of the export law though. Maybe there is something in there.
It is sad though that there will be people in the mentioned countries who have put together an open source project, worked hard on it and now will be unable to access or update any of that work.
Not only that, but the restriction is completely ineffective.
All they are doing is stopping the average good and deserving Iranian, Korean etc citizen from gaining access to useful software.
For software companies/government agencies in those regions, where you might want to enforce trade embargoes, these measures are trivial to circumnavigate.
SourceForge are simply complying with the law of the land (in this case, that land is the USA). Judging from the the tone of the SourceForge announcement, it seems likely that someone (maybe from some branch of the US government) pointed out that they might be deemed to be assisting terrorists if they did not adjust their policies.
Perhaps some of those who responded so vociferously to SF's announcement may step in to offer a service to download and forward files to individuals on the various lists. Of course, they may want to consider the legality of such an offer and ramifications for their own freedom, career, etc. Given the state of US-UK extradition, I guess that would apply to UK residents as much as to those in the USA.
...a site that is based on the principles of communism* bans countires that operate such principles.
Shame as Cuba is the best place I've ever visited. Nice to see that Club Tropicania runs Windows 2000 and many businesses run Windows XP (so much for the ban eh guys?)
*is a socioeconomic structure .... based on common ownership and control of the means of production and property in general. ...
I would have thought that the obvious solution would be for the stuff in question to not be available from mirrors hosted in countries where these laws apply, and to be freely available on mirrors in countries where these laws do not apply. It seems that many people (not just US law makers) tend to forget that US laws only apply in US jurisdictions.
Sourceforge has banned these countries because they: "barred people from uploading and downloading code if they reside in countries on the US Office of Foreign Assets Control sanction list."
Surely that only applies to US territories. Mirrors in more liberal jurisdictions shouldn't be affected. As there are unlikely to be high speed lines from Cuba to the US (apart from the ones from Gitmo) it would be faster for Cubans to download from a South American mirror anyway, and Korea from China or Japan, etc.
They do mention uploading code too, so perhaps there has been some concern about people from Countries-The-US-Doesn't-Like uploading malware or trojan code, or introducing backdoors that the US isn't aware of through security systems and doesn't want anyone else to have, so has applied some strongarm tactics?
Or maybe they don't want the 'bad guys' to have non-US-sanctioned (ie, strong) encryption code that someone else in the world might have written.
Steve.
> ...uploading malware or trojan code...
You do understand the principles of open source, right? That what is contributed is the human-readable SOURCE code that one takes and runs through a compiler oneself? [1] There's zero chance that someone can *hide* malware in open source software. Perhaps you mean that Sourceforge is a clearing house for malware, but that allegation would need some citations, please.
There's plenty of strong encryption tools available planet-wide without needing to download from sourceforge. The USA lost that battle a long time ago. Besides, nobody has ever found any terrorists who are using strong encryption.
[1] OK, Sourceforge does host binaries and installation packages, too. You use them if you trust them.
[2] Yes, I do understand the two-edged nature of that statement.
It seems a silly idea to follow US policy as your on a slippery slope to start with...
I don't see the point as people will just use either an open proxy or TOR to get around it or download from another source altogether (no pun intended).
Personally I think Sourceforge should reverse this as they may end up blocking the whole of Africa whilst their at it as there are some Islamic nuts in Yemen and Somalia and this would hinder the uptake of open source where is should flourish..
No, seriously, Cuba?
I kinda get North Korea, it's not like the average North Korean is going to miss out anyways.
I kinda get Iran right now, though frankly - I know a bunch of Iranian guys who play a big role in some fairly important Open Source projects, so this isn't really workable anyway.
But Cuba? Come on, seriously now. Venezuela sure, I could understand that...
América para los americanos eh?
SourceForge's headquarters and central repository (IOW, the hub of SourceForge) is located in the US. Any company with a US presence is subject to US law (as described in the US Code) regardless of its international presence (IOW, you play in the US, you play by US rules--if not, don't play in the US). Trying to move the hosting of controversial content offshore to get around the law is probably itself covered under US law which is why it isn't being done (and if you're wondering about Wikileaks, I don't think their headquarters is in the US).
Alas the server location is irrelevant. A countries law can apply anywhere on the planet if the government so wishes. Obviously enforcement can be an issue, but that's by the by.
If the USA has a law making it illegal to sell cats anywhere in the world, and you sell a cat in the UK, they can still arrest you on entry to a US territory. If this law is considered to apply anywhere on the planet (i.e. you go to Pakistan, give some dodgy guy some useful code, return to the USA and get nicked) then anyone going to or through any US territory is in the shit (c.f. internet betting).
It sounds like someone "reminded" SF of this and so - having common sense - they obliged. Yes, it's bully boy tactics, but SF aren't there to fight ideological battles about anything other than open source.
No, it's not going to stop anyone with half a brain accessing SF. I imagine most of the "rogue states" have a nice collection of bots around the world, and definitely including in the US. That place has more infections than Paris
Or they could just ask a friend. If any of my acquaintances in Cuba wants a tar ball of something from SourceForge they have only to ask. I don't think there's anything in the laws of my country that would prevent me from helping in that way, and even if there were it's not like I'd care.
Of course, a large proportion of projects on SourceForge which aren't crap are also available from other web sites or mirrors.
But the servers worldwide are NOT owned or operated by SF. They are all 3rd party owned and operated. SF just directs you to them.
The website itself is US based, which raises a problem. But I'm sure some enterprising Chinese person could create a SF website mirror/proxy and direct downloads to appropriate neutral countries.
Since Sourceforge uses servers all over the world they should therefore follow the host countries rules - not some jerk from an uptight government.
In any event, most Sourceforge users are technically savvy and know how to use proxy URL's.
I am in China as I write but if the moderators check they will find my reported URL is somewhere in Canada, likely Montreal or Toronto.
Setting up mirrors outside the US wouldn't work. The law on exports doesn't just cover direct exports, it also covers exports made via a third party/place where you know the final destination is a place not allows to receive them. So if SF were to set up a mirror that allowed free downloads to these 5 countries, then they would still be acting illegally - and the same is someone else set up a mirror and SF knew what was going on.
Since it would be hard to mount a defence (lets face it, it would be really hard for tech savvy people like those running SF to claim ignorance), then they really couldn't allow it.
On the other hand, if end users use technical measures (such as onion routing) that are hard for SF to spot, then SF are reasonably off the hook.