Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Government Software United States Your Rights Online

SourceForge Clarifies Denial of Site Access 396

Posted by ScuttleMonkey
from the living-in-the-real-world dept.
Recently there were some complaints from certain users outside the US stating that they were no longer able to access SourceForge.net. SF.net (who shares a corporate overlord with Slashdot) has outlined the reasons for these bans, and until someone with sufficient power to alter US law or the lists governing who is allowed to access what data from where, there is unlikely to be a change in these bans. It is worth noting that SF.net is not alone in these difficulties, as the same problems have been reported from other repositories, like Google Code. "As one of the first companies to promote the adoption and distribution of free and open source software, and one that still puts open source at the center of its corporate ideals, restrictions on the free flow of information rub us the wrong way. However, in addition to participating in the open source community, we also live in the real world, and are governed by the laws of the country in which we are located. Our need to follow those laws supersedes any wishes we might have to make our community as inclusive as possible. The possible penalties for violating these restrictions include fines and imprisonment. Other hosting companies based in the US have similar legal and technical restrictions in place."
This discussion has been archived. No new comments can be posted.

SourceForge Clarifies Denial of Site Access

Comments Filter:
  • can use a proxy to get at SourceForge.

    • by daveime (1253762) on Monday January 25, 2010 @02:31PM (#30894330)

      Unfortunately, all of the good OSS proxies have their source code hosted on sourceforge.

      10 PRINT "CIRCULAR REFERENCE"
      20 GOTO 10

      • On a related note, I wonder if there are any proxies written in BASIC?
        • by daveime (1253762)

          10 REM IPv6 WILL SERIOUSLY F*CK THIS CODE UP !!
          20 DIM DOMAINS(255,255,255,255)

          I made a start on the IP to Domain lookup code, I'll let you take it from here.

      • Re: (Score:3, Informative)

        by Abreu (173023)

        There's several open source repositories outside the US where people can get code.

        I know for a fact that many cubans download Open Source software from the National University of Mexico

    • Re: (Score:3, Interesting)

      by TheLink (130905)
      Yeah but it gets a bit more inconvenient if you happen to put your project on sourceforge.

      Ironically I just started my first SourceForge project[1] (uploaded files, created repo etc) before I saw this. Still, I guess it'll be a while before the US puts my country on the ban list...

      [1] a win32 python project that allows quick linking of hotkeys to windows (to allow easier switching amongst arbitrary windows - coz I'm just too stupid to learn how to alt-tab quickly amongst 4 or more windows ;) ). Figuring out
  • by TofuMatt (1105351) on Monday January 25, 2010 @02:16PM (#30894108) Homepage

    Would moving the servers, or serving certain countries from another one (Canada? Europe?) help at all? This is obviously incredibly shitty.

    • by Lordrashmi (167121) on Monday January 25, 2010 @02:22PM (#30894180)

      If they want to have any corporate entity in the US they have to follow these laws, the actual physical location of the servers doesn't matter (according to the lawyers I worked with).

      It really is quite stupid, it just causes problems and doesn't help anything.

      • Re: (Score:3, Interesting)

        by wizardforce (1005805)

        There's nothing stopping a separate legal entity from doing so however. So hypothetically, Sourceforge could fork into separately funded/controlled operations to get around the ban. Correct?

        • Re: (Score:3, Interesting)

          by makomk (752139)

          There are already mirrors of the downloads hosted by third parties in other countries that SourceForge redirects users in those countries to. Sourceforge has deliberately decided not to do so in this case, for whatever reasons.

      • by Demonantis (1340557) on Monday January 25, 2010 @03:10PM (#30894936)
        It doesn't even matter if they want to be a corporate entity. I worked for an international company that came into close contact with US export laws all the time. You can't ship a product to one country in transit to another country so if they did move they would still have to enforce an export control on the data that was exported. Secondly, US export law also has this wicked "taint" rule to it. If a US corporation(or citizen, I think) provides technical knowledge towards the product then that product can come under US export laws. It made it really hard to tell the US what we were doing as we did not want to deal with US export law when possible.
        The physical location has no bearing on what the US can do to you if you want to deal with them. Just tell that to the "prince" of pot [wikipedia.org].
  • by hedronist (233240) * on Monday January 25, 2010 @02:17PM (#30894118)
    "The Internet interprets censorship as damage and routes around it." -- John Gilmore
    • I would imagine that at some point in the future, the US govt. will ban proxies as they allow individuals from target countries to circumvent an outright ban.

  • by flyneye (84093) on Monday January 25, 2010 @02:20PM (#30894160) Homepage

    With any luck this will force Bin Laden to have to use Windows O.S. and programs from downloads.com to do his twisted interpretation of Allahs will.
    There could be some justice in this yet.

    • by Culture20 (968837)

      With any luck this will force Bin Laden to have to use Windows O.S. and programs from downloads.com to do his twisted interpretation of Allahs will. There could be some justice in this yet.

      "Al Qaeda's latest offer of peaceful relations with all peoples of the Earth will culminate in a computer controlled robotic presentation of Fiddler on the Roof. The robots are taking the stage now...

      *DRIVER_IRQL_NOT_LESS_OR_EQUAL*

      It's crashing! Watch it! Watch it, folks! Get out of the way! Get out of the way! Get this, Charlie! Get this, Charlie! It's fire--and it's crashing! It's crashing terrible! Oh, my, get out of the way, please! It's burning and bursting into flames, and the--and it's falling

  • by istartedi (132515) on Monday January 25, 2010 @02:25PM (#30894252) Journal

    Fond memories of the form that came up for 128-bit browsers back in the 90s. They always used to ask you to provide your information, and certify that you weren't from a bad country. I wish that was a joke; but no. They really did that. Cuz, you know... somebody who was up to no good would actually be deterred by that. Sheesh!

    Any 5 year old can tell all you need is 1 guy to come over and get an ISP account. I'm quite sure that all the countries on the list not only have state-of-the-art OSS/FS encryption software, they have pirated closed-source software as well.

  • by maroberts (15852) on Monday January 25, 2010 @02:29PM (#30894306) Homepage Journal

    I don't think it has any problems with connection to any of those countries....

    Maybe you can swap servers with Google...:-)

  • I'm guessing this has something to do with the Wassenaar Arrangement. [wikipedia.org]
    • by chill (34294)

      But what part? An exception was granted back in 1994(?) for open-source cryptography. It doesn't require export review or control, just an e-mail notification with a URL to the source code.

      I'm not sure what else would apply...

  • by mdm-adph (1030332) <mdmadph@@@gmail...com> on Monday January 25, 2010 @02:31PM (#30894338) Homepage

    ...with more Internet censorship. This is ridiculous. Export laws are what they are, but if we're trying to help open up the Internet in these countries, banning them from accessing knowledge hosted on our servers isn't helping one bit.

    • by FooAtWFU (699187)
      Maybe they can borrow some EFF help and try to make a First Amendment case out of it.
    • Re: (Score:3, Informative)

      by fm6 (162816)

      This isn't about censorship, this is about denying countries we don't like access to our technology. That said, I agree that it's a stupid law that doesn't do anything at all useful.

  • by neo00 (1667377) on Monday January 25, 2010 @02:32PM (#30894344)
    As a Syrian developer who contributed so several open source project, I call this action unnecessary and outrageous. Sorry, I can’t understand this decision which was taken silently and cowardly by sf.net . I understand that the US law prohibits US companies from exporting their products to the “axis of evil” countries. But what I don’t understand is how sf.net considers the projects they're hosting as US products? It doesn’t make any sense. SF.net DID NOT create these projects. It just HOSTS them. Most of these projects are got contributions from people around the world including people from these countries. Suddenly they can’t access their own work, because sf.net considers them American products! That’s stupid!
    Furthermore, it’s a direct violation of the freedoms of Free Software and section 5 of opensource definition:

    5. No Discrimination Against Persons or Groups”
    The license must not discriminate against any person or group of persons.
    Rationale: In order to get the maximum benefit from the process, the maximum diversity of persons and groups should be equally eligible to contribute to open sources. Therefore we forbid any open-source license from locking anybody out of the process.

    I hope sf.net reconsider their decision. And at least to stand positively to defend the basic principles of FLOSS.

    • The issue is not the ownership or contributing membership of the individual projects. The issue is that by hosting, a copy of the software is being maintained under the control of whomever owns and/or controls the hosting servers. In the case of software hosted by a US company or person, that company or person is held responsible for ensuring that the content of that server follows applicable US and/or state law. This includes export laws. So, by you uploading something to their server, they are instantly liable for that. And for every transmission, that is one export, so charge counts, and thus fines add up fast. To ensure that they exist as a company tomorrow, they have to take this step (as crappy as it seems).

      Oh and to those of you suggesting to move the hosting servers, that does not remove you from legal liability. If the servers are under your control, and you live in the US, you still have to follow US export laws. So, just by setting up a mirror server in another country that's on the export list, you're violating the law.

    • Re: (Score:3, Insightful)

      by jjohnson (62583)

      The problem is the hosting is in the U.S. Like it or not, that gives the U.S. government leverage to enforce its laws on the organization.

      Push sf.net to move to offshore hosting. As long as its servers are in the U.S., sf cannot expect to win a fight with the U.S. gov't.

      • As long as SF is a US company, it is beholden to US laws.

        It's surprising how many people here think that physical hosting location is relevant, compared to the location of the company; is that not the case elsewhere?

    • by e2d2 (115622)

      They can't access their work? There are no copies of this code? That's a bad joke. Like you said, they only host the projects so no real harm done. Host elsewhere. Problem solved. Team Forge FTW.

      Also, they never said they would violate a country law to enforce an open source ideal. It doesn't work that way. Copyrights, patents, trademarks - these things can be disputed in civil court. You violate federal laws you go to prison. There is no choice to be made at all.
       

    • by OverlordQ (264228)

      Sorry to burst your bubble, but the vast majority of people will pick not going to prison vs providing data to people the law wont allow just because it's 'Open Source'.

      Being FLOSS has nothing to do with it, they'd still have to do this if they were hosting proprietary code.

    • The freedoms of Free Software apply to licenses, not people or entities. This isn't a violation of any open source license as far as I'm aware. Roughly speaking, licenses will require either nothing in this regard (BSD doesn't force you to give away the code or binaries to anyone at all), or distribution of source code to people who receive binaries (GPL and the like). SourceForge isn't doing this, they're just refusing to distribute anything at all to these countries. This also has nothing to do with the software itself, just the act of hosting it. It's about the service, not the good. No one is preventing you from accessing your own work, just from accessing it through SourceForge's service (servers). Just have someone in a neutral country get it for you; this is perfectly legit and I bet even encouraged by SF.

      The licenses themselves cannot include these kinds of limitations (if a licence says you can't run the program if you're North Korean, then it isn't an open source license, and this is what Freedom 5 is all about), but they do not require that users have this kind of openness. In fact, it is unnecessary: since the license lets you redistribute the program, all it takes is a third party to proxy between a restrictive distributor and the destination that he wants to avoid.

      You can disagree with SF's take on the subject, but they aren't violating any licenses. If they did export to restricted countries, they would be violating local law. Given the availability of proxies and the like, it would be a questionably useful move. So the US government wants to annoy you; work around it and complain about the US government all you want (and rightly so), but don't blame the people who are just following the law.

    • by fm6 (162816) on Monday January 25, 2010 @03:33PM (#30895234) Homepage Journal

      It's highly appropriate that we should hear from somebody on the ground in Syria. One of the points of this law is to gain leverage against the Syrian government, which Washington considers unfriendly. It's a stupid, shortsighted strategy, that doesn't really accomplish anything, except hurt innocent people.

      On the other hand, it's a little inconsistent to call SourceForge "cowardly" for not standing up the government. (Note that the wording of any OS agreement they adhere to is irrelevant — no agreement to act illegally is valid.) Would you dare to flout Syrian law the same way? Not to judge your system of government, but you have to acknowledge the consequences would be pretty severe. U.S. law is less so, but they can still put SourceForge out of business and maybe put some of its people in jail.

      Sometimes you do have to go to jail for what you believe in. But this isn't one of them.

  • by MikeRT (947531) on Monday January 25, 2010 @02:33PM (#30894360) Homepage
    The US doesn't want to face up to the fact that the only way to keep very serious, proprietary technology out of the hands of hostile states is to severely punish those in the US who facilitate the transfer. So instead, it adopts security theater here much like it pretends that it is fighting child exploitation by posting cops all over chat rooms to entrap people who have a passive interest in jailbait at best instead of actually hunting for real, serious child molesters. This allows the national security hawks to believe that we're "being tough," when in fact if we were tough, we wouldn't give a shit about SF.net, but would instead be executing men like this [foxnews.com] (just read it before attacking me, it was the first Google search result) without a second thought.

    This won't do **anything** except deter some students in these countries who don't know how to find a foreign proxy. It certainly won't stop foreign intelligence officers who try to get actual weapon systems and other serious munitions.
  • by el_jake (22335) on Monday January 25, 2010 @02:34PM (#30894372)
    You should seek political asylum in Europe the land of the Real Free. Not bound by legal enslavement or crooked intelligence agencies, yet.
  • DeCSS?

    Early opensource implementations of RSA encryption?

    If efforts to stop these failed (and there were efforts, and they did fail), I suspect this will also fail.

    Nothing to see here folks. Move along. Move along.

    • by homer_s (799572)
      (and there were efforts, and they did fail

      Not for the politician who got to say that he helped prevent "technology from getting into the wrong hands".
  • Sad but real (Score:5, Informative)

    by dtmos (447842) * on Monday January 25, 2010 @02:38PM (#30894422)

    The alternative is to end up like Prof. John Ross of the University of Tennessee [tradelawyersblog.com], convicted of export control violations and sentenced to 4 years in prison -- at the age of 72.

    What few in the US recognize is that the rules are even more stringent than indicated by SourceForge. To be convicted of an export violation, one needs merely to discuss a controlled technology with a foreign national on one of the lists [doc.gov] -- which means, in addition to many other individuals, entities, and countries, any citizen of China or Iran. Sending anything overseas is unnecessary to violate the law -- merely speaking to a group containing one such person in the audience (like at a private industry consortium meeting) is all that is needed. And the list of controlled technologies is incredibly long: See the Commerce Control List [gpo.gov], especially Category 3 - Electronics [gpo.gov], Category 4 - Computers [gpo.gov], Category 5 (Part 1) - Telecommunications [gpo.gov], Category 5 (Part 2) - Information Security [gpo.gov], and Supplement No. 2 to Part 774 - General Technology and Software Notes [gpo.gov].

    • Re:Sad but real (Score:5, Insightful)

      by Tanuki64 (989726) on Monday January 25, 2010 @02:45PM (#30894530)
      Good reason why I never will visit the USA. I'd probably have the same bad feeling I'd have in China. Or...on second thought...I'd feel more secure in China. If I'd get arrested there, I'd have at least the broad public on my side. If I'd get arrested in the USA I wonder how many would think this must be my own fault since he USA are a constitutional state and by definition the 'good'.
    • Re:Sad but real (Score:4, Informative)

      by darkmeridian (119044) <william...chuang@@@gmail...com> on Monday January 25, 2010 @03:58PM (#30895612) Homepage

      You have a good point, but citing the case of John Reece Roth doesn't make a lot of sense. Prof. Roth was working on "plasma actuators" for use on US Air Force drones. They were considered military secrets. The terms of the contract he signed forbid the transfer of any sensitive data with foreign nationals. He was warned to keep these documents guarded. He documents acknowledging that the export limitations applied, and that he was aware that the law required him to secret the data. Yet he transferred the information to people he knew were Chinese nationals. It's a pretty open and shut case to me.

  • by onionman (975962) on Monday January 25, 2010 @02:41PM (#30894470)

    If you are an open source coder (as I am), and you are involved with a project on sourceforge (as I was until a couple minutes ago), just ask the principal maintainer to move it to a different site. If they don't, stop contributing. Or, if you really don't care, then just go on with business as usual.

  • Did Anyone Look at the Exclusion Lists?

    There's a veritable population of excluded 'entities' right here in town!

    Many have odd looking names like MAJIDA, AL KAYALI, ABDULAH, FADWA, etc.

    Then there's the innocuous MYNET.NET, SYNAPTIX.NET, ...

  • by Anonymous Coward on Monday January 25, 2010 @02:46PM (#30894560)

    12. No Surrender of Others' Freedom.

    If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program.

    • No, it doesn't (Score:3, Informative)

      by l2718 (514756)
      The GPL doesn't force you to distribute the code, or prohibit you from selecting recipients according to any criterion you wish. It only prohibits you from placing restrictions on what the recipients can do with the code after they get it from you. In other words, the GPL doesn't require SF-hosted projects to directly distribute their code in Syria. It only prohibits the projects from forbidding downstream recipients from distributing to Syrians, or from forbidding Syrians to run the code.
    • Re: (Score:3, Insightful)

      by phantomfive (622387)
      The GPL says, essentially, "if you compile this and distribute it to people, you also have to give them the source code." If they don't give the compiled version to people in Syria, they are under no obligation to give the source code. So it's ok.
  • How typical.. (Score:2, Redundant)

    by NiceGeek (126629)

    I don't see a single person who is complaining about this, offering to help fund moving SF.Net elsewhere.

    Not so easy when you have to foot the bill, is it?

  • outlined the reasons behind the ban [sourceforge.net], now with 100% less obfuscation, link tracking, and annoying toolbar!

  • by casings (257363) on Monday January 25, 2010 @03:11PM (#30894954)

    Why wouldn't this be considered a violation of the first amendment? (Not SF.net blocking, but the laws which that censorship is based).

  • There must be some legal way to bypass such laws. Perhaps having a foreign branch such that they can do what you can not do within the US would be sufficient. Freedom sometimes requires actions that people would not normally take.

"The way of the world is to praise dead saints and prosecute live ones." -- Nathaniel Howe

Working...