public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* Re: [Bitcoin-development] Hosting of compiled bitcoin client
@ 2012-10-20  7:43 Mark Lister
  2012-10-20  8:33 ` Wladimir
  0 siblings, 1 reply; 8+ messages in thread
From: Mark Lister @ 2012-10-20  7:43 UTC (permalink / raw)
  To: bitcoin-development

>The issue is not cryptography, it's "trade with sanctioned countries",
period, where making
>files available to download is considered trade.

Spot on, in 2005 when I lived in (among other places) Sudan, Sourceforge
would block certain downloads (but not the project site).  That said it
was trivial to bypass the restrictions then.





^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Bitcoin-development] Hosting of compiled bitcoin client
  2012-10-20  7:43 [Bitcoin-development] Hosting of compiled bitcoin client Mark Lister
@ 2012-10-20  8:33 ` Wladimir
  2012-10-20 14:19   ` Caleb James DeLisle
  0 siblings, 1 reply; 8+ messages in thread
From: Wladimir @ 2012-10-20  8:33 UTC (permalink / raw)
  To: Mark Lister; +Cc: bitcoin-development

On Sat, Oct 20, 2012 at 9:43 AM, Mark Lister <mark.lister@yahoo.com> wrote:
>>The issue is not cryptography, it's "trade with sanctioned countries",
> period, where making
>>files available to download is considered trade.
>
> Spot on, in 2005 when I lived in (among other places) Sudan, Sourceforge
> would block certain downloads (but not the project site).  That said it
> was trivial to bypass the restrictions then.

I don't think it's related to these sanctions but to the Great
Firewall of China, but sourceforge downloads are also blocked in
China. Also quite easy to bypass though.

Wladimir



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Bitcoin-development] Hosting of compiled bitcoin client
  2012-10-20  8:33 ` Wladimir
@ 2012-10-20 14:19   ` Caleb James DeLisle
  0 siblings, 0 replies; 8+ messages in thread
From: Caleb James DeLisle @ 2012-10-20 14:19 UTC (permalink / raw)
  To: bitcoin-development

Another concern is sourceforge being attacked and a backdoored client uploaded.
Most people don't check signatures and I seem to recall sourceforge having some
vulnerabilities stemming from their "your own website on sourceforge" feature.
It looks like Github takes security a little bit more seriously.
Probably the best is to ask for free hosting from a reputable security conscious
bitcoin enthusiast but that basically means Tux and he's already an SPOF in the
coineverse.

Thanks,
Caleb

On 10/20/2012 04:33 AM, Wladimir wrote:
> On Sat, Oct 20, 2012 at 9:43 AM, Mark Lister <mark.lister@yahoo.com> wrote:
>>> The issue is not cryptography, it's "trade with sanctioned countries",
>> period, where making
>>> files available to download is considered trade.
>>
>> Spot on, in 2005 when I lived in (among other places) Sudan, Sourceforge
>> would block certain downloads (but not the project site).  That said it
>> was trivial to bypass the restrictions then.
> 
> I don't think it's related to these sanctions but to the Great
> Firewall of China, but sourceforge downloads are also blocked in
> China. Also quite easy to bypass though.
> 
> Wladimir
> 
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_sfd2d_oct
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> 





^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Bitcoin-development] Hosting of compiled bitcoin client
  2012-10-14 22:33     ` Gregory Maxwell
@ 2012-10-14 22:49       ` Mike Hearn
  0 siblings, 0 replies; 8+ messages in thread
From: Mike Hearn @ 2012-10-14 22:49 UTC (permalink / raw)
  To: Gregory Maxwell; +Cc: bitcoin-development

The laws in question are OFAC sanctions:

http://en.wikipedia.org/wiki/Office_of_Foreign_Assets_Control

The specific acts that enable this are varied. In theory they apply to
any US citizen or resident. The issue is not cryptography, it's "trade
with sanctioned countries", period, where making files available to
download is considered trade.

For Bitcoin to be available in these places, the sites and download
mirrors would need to be hosted outside the USA by non-citizens. EU
sanctions are primarily financial at this time, as far as I know there
are no attempts to prevent people from serving data to Iran.

Example of places where there are no sanctions in effect: Switzerland.
Unfortunately datacenter space in Zurich is quite expensive (as is
everything here).

I would not ever describe OFAC as "effective law". The SDN list has
repeatedly been found unconstitutional, representing as it does a
complete evasion of the judicial system. If you end up on the
sanctions list no evidence is required, no process is followed and no
appeals are possible. The list itself assumes names are globally
unique.



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Bitcoin-development] Hosting of compiled bitcoin client
  2012-10-14 22:09   ` Christian Decker
@ 2012-10-14 22:33     ` Gregory Maxwell
  2012-10-14 22:49       ` Mike Hearn
  0 siblings, 1 reply; 8+ messages in thread
From: Gregory Maxwell @ 2012-10-14 22:33 UTC (permalink / raw)
  To: Christian Decker; +Cc: bitcoin-development

On Sun, Oct 14, 2012 at 6:09 PM, Christian Decker
<decker.christian@gmail.com> wrote:
> Being an international team I'm pretty sure we can find someone who is in a
> more permissive country.
> Would someone knowledgeable point us to the specific laws, so that we can
> look it up in our respective jurisdiction?

The only restrictions I'm aware of are the EAR restrictions on the
export of cryptography.

These are generally not applicable to us for two reasons. One is that
we only use cryptography for authentication, which is explicitly
exempted:
http://www.bis.doc.gov/encryption/question2.htm

The other is that since Bernstein vs US
(http://en.wikipedia.org/wiki/Bernstein_v._United_States) there has
been absolutely no enforcement attempts against open source projects
as the precedent creating holding there makes it clear that these
regulations cannot inhibit the publication of source code.

Perhaps someone could make a little noise about binaries, but it would
be pure pretext: Especially since with the deterministic build process
we use anyone can produce bit-identical binaries (thus allowing builds
by untrusted third partities to be just as trustworthy as the official
ones).

> "more permissive country"

This made me laugh. It's hard to find places with better effective law
for most online and internet things.  Many places copy the US's
statutes (either cargo culting, or as part of treaty compliance) but
do so without also copying our legislative history which is
/generally/ highly protective.  For example, Australia has copied the
US munitions regulations exactly, but has no analog of Bernstein v. US
to limit the government's power.

Unfortunately sourceforce was rather vague about what regulations they
believe they're enforcing:
http://sourceforge.net/blog/clarifying-sourceforgenets-denial-of-site-access-for-certain-persons-in-accordance-with-us-law/

So unless someone has already done it, I'll get in touch with the EFF
and find out if they're aware of any particular precautions we should
take here.



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Bitcoin-development] Hosting of compiled bitcoin client
  2012-10-14 22:02 ` Luke-Jr
@ 2012-10-14 22:09   ` Christian Decker
  2012-10-14 22:33     ` Gregory Maxwell
  0 siblings, 1 reply; 8+ messages in thread
From: Christian Decker @ 2012-10-14 22:09 UTC (permalink / raw)
  To: Luke-Jr; +Cc: bitcoin-development

[-- Attachment #1: Type: text/plain, Size: 1560 bytes --]

Being an international team I'm pretty sure we can find someone who is in a
more permissive country.
Would someone knowledgeable point us to the specific laws, so that we can
look it up in our respective jurisdiction?

Regards,
Chris

On Mon, Oct 15, 2012 at 12:02 AM, Luke-Jr <luke@dashjr.org> wrote:

> On Sunday, October 14, 2012 8:52:33 PM Kyle Henderson wrote:
> > Given that sourceforge has shown to restrict access to a number of
> > countries at the request of the USA
>
> This needs some clarification. If the USA has "requested" it, then
> presumably
> there's some legality involved, and our US developers shouldn't be made
> liable
> for it. The specific reason SourceForge has restricted access should be
> made
> known so non-US developers (or gitian builders) can evaluate their own laws
> and hopefully at least one will be in a jurisdiction that allows it.
> But GitHub is also US-located, so hosting it there may be a problem too.
>
> Luke
>
>
> ------------------------------------------------------------------------------
> Don't let slow site performance ruin your business. Deploy New Relic APM
> Deploy New Relic app performance management and know exactly
> what is happening inside your Ruby, Python, PHP, Java, and .NET app
> Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> http://p.sf.net/sfu/newrelic-dev2dev
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>

[-- Attachment #2: Type: text/html, Size: 2167 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [Bitcoin-development] Hosting of compiled bitcoin client
  2012-10-14 20:52 Kyle Henderson
@ 2012-10-14 22:02 ` Luke-Jr
  2012-10-14 22:09   ` Christian Decker
  0 siblings, 1 reply; 8+ messages in thread
From: Luke-Jr @ 2012-10-14 22:02 UTC (permalink / raw)
  To: bitcoin-development

On Sunday, October 14, 2012 8:52:33 PM Kyle Henderson wrote:
> Given that sourceforge has shown to restrict access to a number of
> countries at the request of the USA

This needs some clarification. If the USA has "requested" it, then presumably 
there's some legality involved, and our US developers shouldn't be made liable 
for it. The specific reason SourceForge has restricted access should be made 
known so non-US developers (or gitian builders) can evaluate their own laws 
and hopefully at least one will be in a jurisdiction that allows it.
But GitHub is also US-located, so hosting it there may be a problem too.

Luke



^ permalink raw reply	[flat|nested] 8+ messages in thread

* [Bitcoin-development] Hosting of compiled bitcoin client
@ 2012-10-14 20:52 Kyle Henderson
  2012-10-14 22:02 ` Luke-Jr
  0 siblings, 1 reply; 8+ messages in thread
From: Kyle Henderson @ 2012-10-14 20:52 UTC (permalink / raw)
  To: bitcoin-development

[-- Attachment #1: Type: text/plain, Size: 383 bytes --]

Hi team,

Given that sourceforge has shown to restrict access to a number of
countries at the request of the USA, would hosting of the compiled client
on https://github.com/bitcoin/bitcoin/downloads be an alternative that
would be considered?

It seems like a logical alternative to me that requires little effort as it
is already in use as the code repository.

Kind regards,

Kyle

[-- Attachment #2: Type: text/html, Size: 542 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2012-10-20 14:21 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-10-20  7:43 [Bitcoin-development] Hosting of compiled bitcoin client Mark Lister
2012-10-20  8:33 ` Wladimir
2012-10-20 14:19   ` Caleb James DeLisle
  -- strict thread matches above, loose matches on Subject: below --
2012-10-14 20:52 Kyle Henderson
2012-10-14 22:02 ` Luke-Jr
2012-10-14 22:09   ` Christian Decker
2012-10-14 22:33     ` Gregory Maxwell
2012-10-14 22:49       ` Mike Hearn

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox