Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1TNWkT-00017J-ID for bitcoin-development@lists.sourceforge.net; Sun, 14 Oct 2012 22:33:29 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.223.175 as permitted sender) client-ip=209.85.223.175; envelope-from=gmaxwell@gmail.com; helo=mail-ie0-f175.google.com; Received: from mail-ie0-f175.google.com ([209.85.223.175]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1TNWkP-00031R-6N for bitcoin-development@lists.sourceforge.net; Sun, 14 Oct 2012 22:33:29 +0000 Received: by mail-ie0-f175.google.com with SMTP id c13so7569601ieb.34 for ; Sun, 14 Oct 2012 15:33:20 -0700 (PDT) MIME-Version: 1.0 Received: by 10.50.208.106 with SMTP id md10mr7409119igc.5.1350253999950; Sun, 14 Oct 2012 15:33:19 -0700 (PDT) Received: by 10.64.34.4 with HTTP; Sun, 14 Oct 2012 15:33:19 -0700 (PDT) In-Reply-To: References: <201210142202.47221.luke@dashjr.org> Date: Sun, 14 Oct 2012 18:33:19 -0400 Message-ID: From: Gregory Maxwell To: Christian Decker Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -1.4 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.2 AWL AWL: From: address is in the auto white-list X-Headers-End: 1TNWkP-00031R-6N Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] Hosting of compiled bitcoin client X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Oct 2012 22:33:29 -0000 On Sun, Oct 14, 2012 at 6:09 PM, Christian Decker wrote: > Being an international team I'm pretty sure we can find someone who is in a > more permissive country. > Would someone knowledgeable point us to the specific laws, so that we can > look it up in our respective jurisdiction? The only restrictions I'm aware of are the EAR restrictions on the export of cryptography. These are generally not applicable to us for two reasons. One is that we only use cryptography for authentication, which is explicitly exempted: http://www.bis.doc.gov/encryption/question2.htm The other is that since Bernstein vs US (http://en.wikipedia.org/wiki/Bernstein_v._United_States) there has been absolutely no enforcement attempts against open source projects as the precedent creating holding there makes it clear that these regulations cannot inhibit the publication of source code. Perhaps someone could make a little noise about binaries, but it would be pure pretext: Especially since with the deterministic build process we use anyone can produce bit-identical binaries (thus allowing builds by untrusted third partities to be just as trustworthy as the official ones). > "more permissive country" This made me laugh. It's hard to find places with better effective law for most online and internet things. Many places copy the US's statutes (either cargo culting, or as part of treaty compliance) but do so without also copying our legislative history which is /generally/ highly protective. For example, Australia has copied the US munitions regulations exactly, but has no analog of Bernstein v. US to limit the government's power. Unfortunately sourceforce was rather vague about what regulations they believe they're enforcing: http://sourceforge.net/blog/clarifying-sourceforgenets-denial-of-site-access-for-certain-persons-in-accordance-with-us-law/ So unless someone has already done it, I'll get in touch with the EFF and find out if they're aware of any particular precautions we should take here.