User: Password:
|
|
Subscribe / Log in / New account

IBM's "open source" definition

IBM's "open source" definition

Posted Jan 13, 2005 18:20 UTC (Thu) by mmarsh (subscriber, #17029)
In reply to: IBM's "open source" definition by ncm
Parent article: IBM's patent pledge

For some software, this is about as open as it can get. Specifically, if you're writing code in the U.S. and include certain algorithms, your code falls under the Commerce Department's export regulations. If you don't qualify for the "Unrestricted" license exception, you might have to keep track of exactly who is getting copies of your code and ensuring that nobody from certain nations is. I believe this situation would impact any company developing what would otherwise be open source software according to the accepted definition, but I'm not positive. Fortunately, I've only ever had to worry about software arising from academic research.


(Log in to post comments)

Re: export regulations

Posted Jan 18, 2005 19:05 UTC (Tue) by roelofs (guest, #2599) [Link]

Specifically, if you're writing code in the U.S. and include certain algorithms, your code falls under the Commerce Department's export regulations. If you don't qualify for the "Unrestricted" license exception, you might have to keep track of exactly who is getting copies of your code and ensuring that nobody from certain nations is. I believe this situation would impact any company developing what would otherwise be open source software according to the accepted definition, but I'm not positive.

The only such software with which I'm familiar relates to cryptographic algorithms, and there's a separate exemption ("TSE," I think) for that (in the context of open-source software). See this for details, for example.

Greg

Re: export regulations

Posted Jan 18, 2005 20:11 UTC (Tue) by mmarsh (subscriber, #17029) [Link]

That's correct, at present, though it's "TSU" (EAR 740.13(e) -- be glad that you don't have that memorized). It appears that any FLOSS code would be covered (IANAL), but of course the Commerce Department could change the rules tomorrow. They're the ones who grant the exception, and they have the power to remove it.

Re: export regulations

Posted Jan 19, 2005 1:34 UTC (Wed) by roelofs (guest, #2599) [Link]

of course the Commerce Department could change the rules tomorrow. They're the ones who grant the exception, and they have the power to remove it.

In principle, they could do the same for all software, not just crypto code. That is, they technically have the same power to restrict exports much more broadly, and they could "grant" such a restriction at any time. (Of course, politically that would be suicide, but the point is that there aren't really any guarantees for any of us...)

Greg

Re: export regulations

Posted Jan 19, 2005 1:53 UTC (Wed) by mmarsh (subscriber, #17029) [Link]

True, but at present cryptographic algorithms (with keys above a certain length) are controlled by the export regulations, and are only "freely distributable" because of specific license exceptions. It would presumably be more difficult for Commerce to decide that something not yet under export controls should be controlled than to change the rules for something already controlled.

The funny thing is that, as good as RSA with keys lengths above 512 bits is, there are much better techniques for some things that aren't controlled at all. There's no restriction on one-time pads, for one thing, and Shamir's secret sharing is as secure as the length of your message space. As in there's nothing to invert, so you can't even brute-force it.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds