teamhugs
|
|
October 14, 2012, 05:46:56 PM |
|
The developers don't have a choice. Bitcoin uses strong cryptography, which, for reasons which don't really make sense, is legally classified as a military weapon under the Wassenaar Arrangement, and therefore illegal to export to "certain" countries. Simply making the source code available for download worldwide is legally equivilant to selling bombs to Iran. As fucked up as the law is, it must be obeyed if you want to avoid being jailed for arms trafficking.
This is not true. Open source, free software does not fall under the US munitions export controls. Otherwise, tools like openssl, tor, openssh, linux distributions, etc would not be available outside the US. See https://www.federalregister.gov/articles/2011/01/07/2010-32803/publicly-available-mass-market-encryption-software-and-other-specified-publicly-available-encryption for the public restatement of that fact. This fact has been true since 1996. See John Gilmore's fights and wins in the US courts here, http://www.toad.com/gnu/export/export.html.
|
|
|
|
matonis
|
|
October 15, 2012, 08:03:02 PM |
|
The developers don't have a choice. Bitcoin uses strong cryptography, which, for reasons which don't really make sense, is legally classified as a military weapon under the Wassenaar Arrangement, and therefore illegal to export to "certain" countries. Simply making the source code available for download worldwide is legally equivilant to selling bombs to Iran. As fucked up as the law is, it must be obeyed if you want to avoid being jailed for arms trafficking.
This is not true. Open source, free software does not fall under the US munitions export controls. Otherwise, tools like openssl, tor, openssh, linux distributions, etc would not be available outside the US. See https://www.federalregister.gov/articles/2011/01/07/2010-32803/publicly-available-mass-market-encryption-software-and-other-specified-publicly-available-encryption for the public restatement of that fact. This fact has been true since 1996. See John Gilmore's fights and wins in the US courts here, http://www.toad.com/gnu/export/export.html. My understanding was that SourceForge is claiming that the specific OFAC sanctions against Iran would take precedence over the munitions export controls which were indeed relaxed for non-sanctioned countries. It just hasn't been challenged yet.
|
|
|
|
teamhugs
|
|
October 16, 2012, 12:20:37 AM Last edit: October 16, 2012, 03:14:00 AM by teamhugs |
|
My understanding was that SourceForge is claiming that the specific OFAC sanctions against Iran would take precedence over the munitions export controls which were indeed relaxed for non-sanctioned countries. It just hasn't been challenged yet.
They can claim whatever they want as their excuse. They are wrong, but it's their choice if they don't want to do it.
|
|
|
|
vokain
Legendary
Offline
Activity: 1834
Merit: 1019
|
|
October 16, 2012, 01:45:32 AM |
|
My understanding was that SourceForge is claiming that the specific OFAC sanctions against Iran would take precedence over the munitions export controls which were indeed relaxed for non-sanctioned countries. It just hasn't been challenged yet.
They can claim whatever they want as their excuse. They are wrong, but its their choice if they don't want to do it. +1
|
|
|
|
teamhugs
|
|
October 16, 2012, 03:24:51 AM |
|
In thinking broader about this, bitcoin.org is hosted on github servers. They are a US company and may also look at the embargoed countries and decide the citizens of an 'axis of evil' country cannot download bitcoin. It seems clear there needs to be a mirroring plan for bitcoin.org and binaries run by volunteers, in case of stupidity. This would also work well if someone forced the .org people to take down bitcoin.org.
|
|
|
|
matonis
|
|
October 16, 2012, 09:52:34 AM |
|
My understanding was that SourceForge is claiming that the specific OFAC sanctions against Iran would take precedence over the munitions export controls which were indeed relaxed for non-sanctioned countries. It just hasn't been challenged yet.
They can claim whatever they want as their excuse. They are wrong, but its their choice if they don't want to do it. +1 Are you both suggesting that the core bitcoin development group (who are listed at bitcoin.org) remove the checkbox that blocks SourceForge downloads to sanctioned countries?
|
|
|
|
teamhugs
|
|
October 16, 2012, 11:08:50 AM |
|
Are you both suggesting that the core bitcoin development group (who are listed at bitcoin.org) remove the checkbox that blocks SourceForge downloads to sanctioned countries?
Yes. And generally, allow bitcoin.org to be mirrored, or the binaries served up by non-sourceforge hosts (mirrors and bittorrent).
|
|
|
|
Gavin Andresen
Legendary
Offline
Activity: 1652
Merit: 2300
Chief Scientist
|
|
October 16, 2012, 11:37:23 AM |
|
And generally, allow bitcoin.org to be mirrored, or the binaries served up by non-sourceforge hosts (mirrors and bittorrent).
It is MIT licensed, anybody can mirror it anywhere they like. You don't need anybody's permission, just do it!
|
How often do you get the chance to work on a potentially world-changing project?
|
|
|
teamhugs
|
|
October 16, 2012, 04:19:42 PM |
|
It is MIT licensed, anybody can mirror it anywhere they like. You don't need anybody's permission, just do it!
Correct. You could make it easier to mirror it though. Right now httrack and pulling the binaries is my solution.
|
|
|
|
phatsphere
|
|
October 16, 2012, 07:59:00 PM |
|
setting up an rsyncd with the recent bitcoin binaries + valid signatures is a great idea. i'm sure, there are plenty of admins who would want to mirror it and a dedicated mirror index html page should list all of them.
just like the wikileaks fallback pages when their DNS entries were removed.
|
|
|
|
teamhugs
|
|
October 17, 2012, 11:04:05 PM |
|
And generally, allow bitcoin.org to be mirrored, or the binaries served up by non-sourceforge hosts (mirrors and bittorrent).
It is MIT licensed, anybody can mirror it anywhere they like. You don't need anybody's permission, just do it! Step 1: Done. Hourly pulls of website git ( https://github.com/bitcoin/bitcoin.github.com.git) from github. See http://btcmirror.is/Step 2: In progress. Replace sf.net links with local copies of all binaries and related sha(1|256)sum files plus signatures. Step 3: In progress. Replace googleapi.com and googlecode.com script links with local copies of the files. Step 4: Serving bitcoin website and binaries out of Iceland. Setup rsyncd for mirroring. Step 5: There is no step 5.
|
|
|
|
n8rwJeTt8TrrLKPa55eU
|
|
October 21, 2012, 12:52:25 AM |
|
And generally, allow bitcoin.org to be mirrored, or the binaries served up by non-sourceforge hosts (mirrors and bittorrent).
It is MIT licensed, anybody can mirror it anywhere they like. You don't need anybody's permission, just do it! Step 1: Done. Hourly pulls of website git ( https://github.com/bitcoin/bitcoin.github.com.git) from github. See http://btcmirror.is/Step 2: In progress. Replace sf.net links with local copies of all binaries and related sha(1|256)sum files plus signatures. Step 3: In progress. Replace googleapi.com and googlecode.com script links with local copies of the files. Step 4: Serving bitcoin website and binaries out of Iceland. Setup rsyncd for mirroring. Step 5: There is no step 5. Step 6: Thank you, teamhugs!
|
|
|
|
Tuxavant
|
|
October 21, 2012, 02:33:05 AM |
|
Sounds like this needs to be mirrored to a hidden service...
|
|
|
|
Spekulatius
Legendary
Offline
Activity: 1022
Merit: 1000
|
|
October 21, 2012, 01:25:55 PM |
|
There is some scepticism on reddit: - someone needs to check the hashes to make sure nothing was altered (to ease the paranoid) - does the mirrored site still link to sourceforge? If so Iranians would still be prohibited from downloading right?
|
|
|
|
teamhugs
|
|
October 23, 2012, 11:15:18 AM |
|
There is some scepticism on reddit: - someone needs to check the hashes to make sure nothing was altered (to ease the paranoid) - does the mirrored site still link to sourceforge? If so Iranians would still be prohibited from downloading right? I'm doing this for three reasons: 0. Iceland rocks and http://immi.is looks a reality. Go freedom. 1. The world should be able to download their bits as desired without letting some scared corporate lawyers dictate yes or no. 2. I want to host a complete copy of the bitcoin site with binaries on a piratebox with no internet access. I already can do this with Tor, because they put everything locally and provide a quick and easy rsync share. The tor site mirror is roughly 6 GB, which includes all binaries for all operating systems, and fits easily on a 16GB usb drive. However, any smart person will not trust me. You should check the binaries, the hashes, and everything I've done to mirror the site. Right now, I have not had time to patch the site to remove the reliance on sf.net and googlecode/googleapis. When I do figure out the patches, I intend to publish my git repo so others can clone/pull and check it out. I don't use github or other social networking technologies like it (facebook, twitter, sourceforge, etc).
|
|
|
|
|
|
|