You are viewing a plain text version of this content. The canonical link for it is here.

Posted to legal-discuss@apache.org by jm...@jmason.org on 2005/08/20 00:10:09 UTC

Request for Export Code for Spam Assassin (fwd)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


It appears the ECCN is something to do with US government crypto
licensing.  See these google hits:

  http://www.openldap.org/lists/openldap-software/200407/msg00717.html
  http://www.bxa.doc.gov/licensing/facts2.htm

I think we're in the same boat as OpenLDAP:

  'I am not aware of any code in OpenLDAP that implements reversible
  encryption, which is what the US government restrictions apply to.
  Therefore, OpenLDAP itself is not subject to export controls.'

What should we do?  How has this been dealt with by other ASF projects,
if ever?

- --j.

- ------- Forwarded Message
> Date:    Fri, 19 Aug 2005 16:56:08 -0500
> From:    [ELIDED]
> To:      <ME...@JMASON.ORG>
> Subject: Request for Export Code for Spam Assassin
> 
> This is a multi-part message in MIME format.
> 
> ------_=_NextPart_001_01C5A508.CE34F2D2
> Content-Type: text/plain;
> 	charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
> 
> Justin,
> Please provide the Export Control Classification Number for the
> following product:
> 
> Spam Assassin 2.64
> 
> If this is not the correct place to make this request, please forward
> this to your export compliance office.
> 
> Thank you!
> 
> [ELIDED]
> [ELIDED]
> [ELIDED]
> [ELIDED]
> [ELIDED]
> [ELIDED]
> 
> [ELIDED]
> [ELIDED]
> [ELIDED]
> 
> ------_=_NextPart_001_01C5A508.CE34F2D2
> Content-Type: text/html;
> 	charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
> 
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
> <HTML>
> <HEAD>
> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
> <META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7232.62">
> <TITLE>Request for Export Code for Spam Assassin</TITLE>
> </HEAD>
> <BODY>
> <!-- Converted from text/rtf format -->
> 
> <P><FONT SIZE=2 FACE="Arial">Justin,</FONT>
> 
> <BR><FONT SIZE=2 FACE="Arial">Please provide the Export Control Classification Number for the following product:</FONT>
> </P>
> 
> <P><FONT SIZE=2 FACE="Arial">Spam Assassin 2.64</FONT>
> </P>
> 
> <P><FONT SIZE=2 FACE="Arial">If this is not the correct place to make this request, please forward this to your export compliance office.</FONT>
> </P>
> 
> <P><FONT SIZE=2 FACE="Arial">Thank you!</FONT>
> </P>
> <BR>
> 
> <P><B><I><FONT COLOR="#800000" SIZE=4 FACE="Comic Sans MS">[ELIDED]</FONT></I></B><I></I>
> 
> <BR><FONT SIZE=2 FACE="Comic Sans MS">[ELIDED]</FONT>
> 
> <BR><FONT SIZE=2 FACE="Comic Sans MS">[ELIDED]</FONT>
> 
> <BR><FONT SIZE=2 FACE="Comic Sans MS">[ELIDED]</FONT>
> 
> <BR><FONT SIZE=2 FACE="Comic Sans MS">[ELIDED]</FONT>
> 
> <BR><FONT SIZE=2 FACE="Comic Sans MS">[ELIDED]</FONT>
> </P>
> 
> <P><FONT SIZE=2 FACE="Comic Sans MS">[ELIDED]</FONT>
> 
> <BR><FONT SIZE=2 FACE="Comic Sans MS">+ </FONT><A
> HREF="[ELIDED]"><U><FONT COLOR="#0000FF" SIZE=2
> FACE="Comic Sans MS">[ELIDED]</FONT></U></A>
> 
> <BR><FONT SIZE=2 FACE="Comic Sans MS">[ELIDED]</FONT>
> </P>
> <BR>
> <BR>
> 
> </BODY>
> </HTML>
> ------_=_NextPart_001_01C5A508.CE34F2D2--
> 
> ------- End of Forwarded Message
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFDBljAMJF5cimLx9ARAgSMAKCpdi2FGGvCyK5I3k8cp2XcVVDM0wCfWGSu
Nra2TJNgUyy4trI21rqGu6Y=
=lFm7
-----END PGP SIGNATURE-----


---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only, are not privileged and do not constitute legal advice.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

RE: Request for Export Code for Spam Assassin (fwd)

Posted by Lawrence Rosen <lr...@rosenlaw.com>.

> > > Please provide the Export Control Classification Number for the 
> > > following product:
> > > 
> > > Spam Assassin 2.64
> > > 
> > > If this is not the correct place to make this request, please 
> > > forward this to your export compliance office.

The last time someone asked this question I responded as follows:

> Can someone with BXA experience explain why all Apache software isn't 
> eligible for "EAR99 (NLR)" status? I understand "NLR" to mean that 
> "no license is required." 

I never heard from anyone. It is my experience that this category suffices
for all open source software, at least for open source software without
encryption. Unless there is a better answer from one of the other lawyers
here, I suggest we go with "EAR99 (NLR)".

/Larry Rosen  

> -----Original Message-----
> From: Theo Van Dinter [mailto:felicity@apache.org] 
> Sent: Friday, August 19, 2005 3:56 PM
> To: legal-discuss@apache.org; pmc@SpamAssassin.apache.org
> Subject: Re: Request for Export Code for Spam Assassin (fwd)
> 
> Another thing to note, btw, is that they're requesting it for 
> SpamAssassin 2.64, which was pre-ASF (ASF releases of the 
> code started with 3.0.0).
> 
> But yeah, I agree we're in the same boat as OpenLDAP it 
> seems.  We don't have any encryption in our code itself.
> 
> On Fri, Aug 19, 2005 at 03:10:09PM -0700, Justin Mason wrote:
> > I think we're in the same boat as OpenLDAP:
> > 
> >   'I am not aware of any code in OpenLDAP that implements reversible
> >   encryption, which is what the US government restrictions apply to.
> >   Therefore, OpenLDAP itself is not subject to export controls.'
> > 
> > What should we do?  How has this been dealt with by other ASF 
> > projects, if ever?
> > 
> > > Justin,
> > > Please provide the Export Control Classification Number for the 
> > > following product:
> > > 
> > > Spam Assassin 2.64
> > > 
> > > If this is not the correct place to make this request, please 
> > > forward this to your export compliance office.
> 
> --
> Randomly Generated Tagline:
> "Why is there a watermelon there? I'll tell you later." - 
> From Buckaroo Bonzai
> 


---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only, are not privileged and do not constitute legal advice.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

Re: Request for Export Code for Spam Assassin (fwd)

Posted by Theo Van Dinter <fe...@apache.org>.

Another thing to note, btw, is that they're requesting it for SpamAssassin
2.64, which was pre-ASF (ASF releases of the code started with 3.0.0).

But yeah, I agree we're in the same boat as OpenLDAP it seems.  We don't have
any encryption in our code itself.

On Fri, Aug 19, 2005 at 03:10:09PM -0700, Justin Mason wrote:
> I think we're in the same boat as OpenLDAP:
> 
>   'I am not aware of any code in OpenLDAP that implements reversible
>   encryption, which is what the US government restrictions apply to.
>   Therefore, OpenLDAP itself is not subject to export controls.'
> 
> What should we do?  How has this been dealt with by other ASF projects,
> if ever?
> 
> > Justin,
> > Please provide the Export Control Classification Number for the
> > following product:
> > 
> > Spam Assassin 2.64
> > 
> > If this is not the correct place to make this request, please forward
> > this to your export compliance office.

-- 
Randomly Generated Tagline:
"Why is there a watermelon there? I'll tell you later." - From Buckaroo Bonzai