Обсуждение: Problem serving one-click installer to Syria
M. Bashir Al-Noimi wrote: > What's going on! > http://downforeveryoneorjustme.com/ gave me the following stupid message: > ------------------------------------------------------------------------ > downforeveryoneorjustme error message > > > Forbidden > > Your client does not have permission to get URL |/| from this server. > (Client IP address: 213.178.224.178) > > You are accessing this page from a forbidden country. > ------------------------------------------------------------------------ > and enterprisedb.com <http://enterprisedb.com> still unavailable! > > Now I wondering does postgresql forbids my country or not?, is it open > source or something else? I suppose we are going to have to guess your country; this web site, http://www.ip-adress.com/ip_tracer/213.178.224.178, says it is Syria. Certainly Postgres is available for everyone, but it seems EnterpriseDB (and http://downforeveryoneorjustme.com/) are not able to serve that IP block, which is a problem. I have moved this email to the Postgres www list, and changed the subject line. We should have more information for you soon. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + None of us is going to be here forever. +
On 15/06/2010 06:15 ص, Bruce Momjian wrote:
Thanks, I'm waiting for your reply.M. Bashir Al-Noimi wrote:What's going on! http://downforeveryoneorjustme.com/ gave me the following stupid message: ------------------------------------------------------------------------ downforeveryoneorjustme error message Forbidden Your client does not have permission to get URL |/| from this server. (Client IP address: 213.178.224.178) You are accessing this page from a forbidden country. ------------------------------------------------------------------------ and enterprisedb.com <http://enterprisedb.com> still unavailable! Now I wondering does postgresql forbids my country or not?, is it open source or something else?I suppose we are going to have to guess your country; this web site, http://www.ip-adress.com/ip_tracer/213.178.224.178, says it is Syria. Certainly Postgres is available for everyone, but it seems EnterpriseDB (and http://downforeveryoneorjustme.com/) are not able to serve that IP block, which is a problem. I have moved this email to the Postgres www list, and changed the subject line. We should have more information for you soon.
-- Best Regards Muhammad Bashir Al-Noimi My Blog: http://mbnoimi.net
Вложения
On Tue, Jun 15, 2010 at 06:15, Bruce Momjian <bruce@momjian.us> wrote: > M. Bashir Al-Noimi wrote: >> What's going on! >> http://downforeveryoneorjustme.com/ gave me the following stupid message: >> ------------------------------------------------------------------------ >> downforeveryoneorjustme error message >> >> >> Forbidden >> >> Your client does not have permission to get URL |/| from this server. >> (Client IP address: 213.178.224.178) >> >> You are accessing this page from a forbidden country. >> ------------------------------------------------------------------------ >> and enterprisedb.com <http://enterprisedb.com> still unavailable! >> >> Now I wondering does postgresql forbids my country or not?, is it open >> source or something else? > > I suppose we are going to have to guess your country; this web site, > http://www.ip-adress.com/ip_tracer/213.178.224.178, says it is Syria. > > Certainly Postgres is available for everyone, but it seems EnterpriseDB > (and http://downforeveryoneorjustme.com/) are not able to serve that IP > block, which is a problem. > > I have moved this email to the Postgres www list, and changed the > subject line. We should have more information for you soon. This is the second report of this issue this week, the previous one being a user in South Korea. It was fixed by Dave that time - but I'm detecting a pattern here :-) We don't want to get tihs stuff fixed on a case by case basis - can we verify that there is no generic block in place, please? -- Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/
Magnus Hagander wrote: > On Tue, Jun 15, 2010 at 06:15, Bruce Momjian <bruce@momjian.us> wrote: >> M. Bashir Al-Noimi wrote: >>> What's going on! >>> http://downforeveryoneorjustme.com/ gave me the following stupid message: >>> ------------------------------------------------------------------------ >>> downforeveryoneorjustme error message >>> >>> >>> Forbidden >>> >>> Your client does not have permission to get URL |/| from this server. >>> (Client IP address: 213.178.224.178) >>> >>> You are accessing this page from a forbidden country. >>> ------------------------------------------------------------------------ >>> and enterprisedb.com <http://enterprisedb.com> still unavailable! >>> >>> Now I wondering does postgresql forbids my country or not?, is it open >>> source or something else? >> I suppose we are going to have to guess your country; this web site, >> http://www.ip-adress.com/ip_tracer/213.178.224.178, says it is Syria. >> >> Certainly Postgres is available for everyone, but it seems EnterpriseDB >> (and http://downforeveryoneorjustme.com/) are not able to serve that IP >> block, which is a problem. >> >> I have moved this email to the Postgres www list, and changed the >> subject line. We should have more information for you soon. > > This is the second report of this issue this week, the previous one > being a user in South Korea. It was fixed by Dave that time - but I'm > detecting a pattern here :-) We don't want to get tihs stuff fixed on > a case by case basis - can we verify that there is no generic block in > place, please? yeah - We really can't discriminate against some of our users in that way(and we are not doing that on any of our other sites). If we cannot get this fixed in a generic way we really need to look into alternative ways - at least for people being affected by that - to get to the one-click installer. Stefan
On Tue, Jun 15, 2010 at 7:58 AM, Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> wrote: > yeah - We really can't discriminate against some of our users in that > way(and we are not doing that on any of our other sites). If we cannot get > this fixed in a generic way we really need to look into alternative ways - > at least for people being affected by that - to get to the one-click > installer. Well South Korea would have been obviously just a mistake. But I would expect it to be an issue for any US company to server IPs in Syria, North Korea, Cuba, Iran, or Burma/Myanmar. Actually I don't know what restrictions there would be for a product that isn't being sold but I wouldn't be surprised if they wanted to be conservative and just not serve those IPs at all. For the community it might be tricky to solve since many of the servers are hosted or sponsored by US organizations. Having some servers with different rules than others might complicate matters significantly. -- greg
On Tue, 2010-06-15 at 13:16 +0100, Greg Stark wrote: > Actually I don't know what restrictions there would be for a product > that isn't being sold Maybe encryption related issues? -- Devrim GÜNDÜZ PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer PostgreSQL RPM Repository: http://yum.pgrpms.org Community: devrim~PostgreSQL.org, devrim.gunduz~linux.org.tr http://www.gunduz.org Twitter: http://twitter.com/devrimgunduz
On Tue, Jun 15, 2010 at 14:16, Greg Stark <gsstark@mit.edu> wrote: > On Tue, Jun 15, 2010 at 7:58 AM, Stefan Kaltenbrunner > <stefan@kaltenbrunner.cc> wrote: >> yeah - We really can't discriminate against some of our users in that >> way(and we are not doing that on any of our other sites). If we cannot get >> this fixed in a generic way we really need to look into alternative ways - >> at least for people being affected by that - to get to the one-click >> installer. > > Well South Korea would have been obviously just a mistake. But I would > expect it to be an issue for any US company to server IPs in Syria, > North Korea, Cuba, Iran, or Burma/Myanmar. Actually I don't know what > restrictions there would be for a product that isn't being sold but I > wouldn't be surprised if they wanted to be conservative and just not > serve those IPs at all. If that is so, there needs to be a mirror that's not excluding these countries. > For the community it might be tricky to solve since many of the > servers are hosted or sponsored by US organizations. Having some > servers with different rules than others might complicate matters > significantly. The community doesn't host the mirrors, we just point to them. Aside from what some poeple want it to be, linking is still legal AFAIK. It is up to each individual mirror what they want to distribute. We've never had issues with that before, and AFAIK nothing has changed around this for many years. -- Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/
On Tue, Jun 15, 2010 at 12:16 PM, Greg Stark <gsstark@mit.edu> wrote: > On Tue, Jun 15, 2010 at 7:58 AM, Stefan Kaltenbrunner > <stefan@kaltenbrunner.cc> wrote: >> yeah - We really can't discriminate against some of our users in that >> way(and we are not doing that on any of our other sites). If we cannot get >> this fixed in a generic way we really need to look into alternative ways - >> at least for people being affected by that - to get to the one-click >> installer. > > Well South Korea would have been obviously just a mistake. But I would > expect it to be an issue for any US company to server IPs in Syria, > North Korea, Cuba, Iran, or Burma/Myanmar. Actually I don't know what > restrictions there would be for a product that isn't being sold but I > wouldn't be surprised if they wanted to be conservative and just not > serve those IPs at all. > > For the community it might be tricky to solve since many of the > servers are hosted or sponsored by US organizations. Having some > servers with different rules than others might complicate matters > significantly. Greg is entirely correct. We cannot export or facilitate the export of cryto code to embargoed countries, such as Syria due to US export laws. This doesn't just apply to EnterpriseDB of course, it applies to the community as well, either where our servers are in the US, or the people working on them are in the US. The penalties for ignoring this are *extremely* harsh. The situation is ridiculous I know - it's easy to get OpenSSL from any number of places of course. As of this morning, we have people looking into the legal issues to see if there is a way that we (EnterpriseDB and the community) can make all our downloads available universally without putting anyone at risk of prosecution. We're also talking to other large organisations involved in Open Source to see if/how they deal with this within the projects they work on. -- Dave Page EnterpriseDB UK: http://www.enterprisedb.com The Enterprise Postgres Company
On Tue, Jun 15, 2010 at 15:28, Dave Page <dpage@postgresql.org> wrote: > On Tue, Jun 15, 2010 at 12:16 PM, Greg Stark <gsstark@mit.edu> wrote: >> On Tue, Jun 15, 2010 at 7:58 AM, Stefan Kaltenbrunner >> <stefan@kaltenbrunner.cc> wrote: >>> yeah - We really can't discriminate against some of our users in that >>> way(and we are not doing that on any of our other sites). If we cannot get >>> this fixed in a generic way we really need to look into alternative ways - >>> at least for people being affected by that - to get to the one-click >>> installer. >> >> Well South Korea would have been obviously just a mistake. But I would >> expect it to be an issue for any US company to server IPs in Syria, >> North Korea, Cuba, Iran, or Burma/Myanmar. Actually I don't know what >> restrictions there would be for a product that isn't being sold but I >> wouldn't be surprised if they wanted to be conservative and just not >> serve those IPs at all. >> >> For the community it might be tricky to solve since many of the >> servers are hosted or sponsored by US organizations. Having some >> servers with different rules than others might complicate matters >> significantly. > > Greg is entirely correct. We cannot export or facilitate the export of > cryto code to embargoed countries, such as Syria due to US export > laws. This doesn't just apply to EnterpriseDB of course, it applies to > the community as well, either where our servers are in the US, or the > people working on them are in the US. The penalties for ignoring this > are *extremely* harsh. Well, it only applies to the US, so all our mirrors outside of the US should be fine, AFAIK. Nor does it apply to community members outside the US, however they'd do anything about that. > The situation is ridiculous I know - it's easy to get OpenSSL from any > number of places of course. As of this morning, we have people looking > into the legal issues to see if there is a way that we (EnterpriseDB > and the community) can make all our downloads available universally > without putting anyone at risk of prosecution. We're also talking to > other large organisations involved in Open Source to see if/how they > deal with this within the projects they work on. AFAIK, open source *communities* don't generally do anything at all about this. We can restrict access to any of our servers that run in the US, but as long as there are mirrors and the licence is open, anybody outside the US can just redistribute it. So it sounds like th easy fix is to just mirror it onto the community mirror network. -- Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/
Magnus Hagander wrote: > On Tue, Jun 15, 2010 at 15:28, Dave Page <dpage@postgresql.org> wrote: >> On Tue, Jun 15, 2010 at 12:16 PM, Greg Stark <gsstark@mit.edu> wrote: >>> On Tue, Jun 15, 2010 at 7:58 AM, Stefan Kaltenbrunner >>> <stefan@kaltenbrunner.cc> wrote: >>>> yeah - We really can't discriminate against some of our users in that >>>> way(and we are not doing that on any of our other sites). If we cannot get >>>> this fixed in a generic way we really need to look into alternative ways - >>>> at least for people being affected by that - to get to the one-click >>>> installer. >>> Well South Korea would have been obviously just a mistake. But I would >>> expect it to be an issue for any US company to server IPs in Syria, >>> North Korea, Cuba, Iran, or Burma/Myanmar. Actually I don't know what >>> restrictions there would be for a product that isn't being sold but I >>> wouldn't be surprised if they wanted to be conservative and just not >>> serve those IPs at all. >>> >>> For the community it might be tricky to solve since many of the >>> servers are hosted or sponsored by US organizations. Having some >>> servers with different rules than others might complicate matters >>> significantly. >> Greg is entirely correct. We cannot export or facilitate the export of >> cryto code to embargoed countries, such as Syria due to US export >> laws. This doesn't just apply to EnterpriseDB of course, it applies to >> the community as well, either where our servers are in the US, or the >> people working on them are in the US. The penalties for ignoring this >> are *extremely* harsh. > > Well, it only applies to the US, so all our mirrors outside of the US > should be fine, AFAIK. Nor does it apply to community members outside > the US, however they'd do anything about that. exactly - and other large projects (like debian) who used to do a "non-US" mirror set stopped doing that ages ago (around the release of Sarge - 3.1) > > >> The situation is ridiculous I know - it's easy to get OpenSSL from any >> number of places of course. As of this morning, we have people looking >> into the legal issues to see if there is a way that we (EnterpriseDB >> and the community) can make all our downloads available universally >> without putting anyone at risk of prosecution. We're also talking to >> other large organisations involved in Open Source to see if/how they >> deal with this within the projects they work on. > > AFAIK, open source *communities* don't generally do anything at all > about this. We can restrict access to any of our servers that run in > the US, but as long as there are mirrors and the licence is open, > anybody outside the US can just redistribute it. So it sounds like th > easy fix is to just mirror it onto the community mirror network. yeah that seems like a very simple solution, just upload the stuff to the mirror network and provide an "if the above link to download fails with an error try here" on the main website. Stefan
On Tue, Jun 15, 2010 at 6:57 AM, Magnus Hagander <magnus@hagander.net> wrote: >> The situation is ridiculous I know - it's easy to get OpenSSL from any >> number of places of course. As of this morning, we have people looking >> into the legal issues to see if there is a way that we (EnterpriseDB >> and the community) can make all our downloads available universally >> without putting anyone at risk of prosecution. We're also talking to >> other large organisations involved in Open Source to see if/how they >> deal with this within the projects they work on. > > AFAIK, open source *communities* don't generally do anything at all > about this. We can restrict access to any of our servers that run in > the US, but as long as there are mirrors and the licence is open, > anybody outside the US can just redistribute it. So it sounds like th > easy fix is to just mirror it onto the community mirror network. +1 I'm going to ping Eben Moglen (lawyer at the software freedom law center) about this on our behalf. The few people I've talked to who have had to deal with similar issues think that crypto built from open standards no longer are subject to prosecution, and whether the software originated in the US or not, we are free to redistribute. -selena -- http://chesnok.com/daily - me
On Tue, Jun 15, 2010 at 8:25 AM, Selena Deckelmann <selenamarie@gmail.com> wrote: > I'm going to ping Eben Moglen (lawyer at the software freedom law > center) about this on our behalf. The few people I've talked to who > have had to deal with similar issues think that crypto built from open > standards no longer are subject to prosecution, and whether the > software originated in the US or not, we are free to redistribute. I've sent a message to Eben, and looked up a few things: http://sourceforge.net/blog/clarifying-sourceforgenets-denial-of-site-access-for-certain-persons-in-accordance-with-us-law/ http://www.softwarefreedom.org/blog/2010/mar/12/new-export-rules-promote-internet-freedom/ Will forward if I get an answer back from SFLC. -selena -- http://chesnok.com/daily - me
Stefan Kaltenbrunner wrote: > > AFAIK, open source *communities* don't generally do anything at all > > about this. We can restrict access to any of our servers that run in > > the US, but as long as there are mirrors and the licence is open, > > anybody outside the US can just redistribute it. So it sounds like th > > easy fix is to just mirror it onto the community mirror network. > > yeah that seems like a very simple solution, just upload the stuff to > the mirror network and provide an "if the above link to download fails > with an error try here" on the main website. First, to clarify, this only applies to the one-click installers because they embed the OpenSSL library into the installer, unlike, for example, the RPMs which use the operating system copy of OpenSSL. We have managed to avoid all this in the past because the community only distributed the software (not binaries) for years, but the one-click installer is forcing us to address this issue. Second, the one-click installers are produced by a USA company (EnterpriseDB), which means the company cannot facilitate distribution of the one-click installers to embargoed countries, and US citizens and people working for US companies cannot either. That severely limits our options because I assume USA companies must also prevent their software from being placed on servers that allow downloads from embargoed countries, and US citizens cannot facilitate this either. Now, if the binaries were created in Sweden (and assume Sweden has no embargoes), we could place the binaries on all the servers _except_ USA servers. However, since the binaries were created by a USA company, I don't think we have that option. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + None of us is going to be here forever. +
On 15/06/2010 02:16 م, Greg Stark wrote:
OOOH I got, this is the modern democracy! Thanks a lot Mr. Obama & Mrs. Clinton they want to liberate us from communist or socialistic dictators where they didn't worst than them.
For example before moving some open source projects we asked Launchpad admins if they apply US rule for blacklist counties and they answered No the open source must be opened for the humanity not for specific peoples this is clear principle (their servers in UK). Same answer I got from BerliOS (in Germany). For that many open source projects decided to move outside sf.net (US server) to GNA (French), Launchpad, BerliOS and many other open source hosting services.
This issue found in some cases not all, for example we can buy from Microsoft products and many other websites where we can't download or contribute in MySQL, sf.net, OpenOffice or even reading specific articles at IBM although there are some old contributors from Syria and the other blacklisted countries in many open source projects and many many projects owned by non-American people or even Americans believe in freedom and don't agree with forbidding policy for open source stuffs.On Tue, Jun 15, 2010 at 7:58 AM, Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> wrote:yeah - We really can't discriminate against some of our users in that way(and we are not doing that on any of our other sites). If we cannot get this fixed in a generic way we really need to look into alternative ways - at least for people being affected by that - to get to the one-click installer.Well South Korea would have been obviously just a mistake. But I would expect it to be an issue for any US company to server IPs in Syria, North Korea, Cuba, Iran, or Burma/Myanmar.
OK if they wanted to be conservative why they accept payments from these IPs? why they allow users of theses IPs to use US e-mail services? why they allow us to use facebook or Twitter where don't for scientific articles? where they don't allow us to just read a non-atomic article?Actually I don't know what restrictions there would be for a product that isn't being sold but I wouldn't be surprised if they wanted to be conservative and just not serve those IPs at all.
OOOH I got, this is the modern democracy! Thanks a lot Mr. Obama & Mrs. Clinton they want to liberate us from communist or socialistic dictators where they didn't worst than them.
No I think the problem can be solved easily just make mirrors outside US.For the community it might be tricky to solve since many of the servers are hosted or sponsored by US organizations. Having some servers with different rules than others might complicate matters significantly.
For example before moving some open source projects we asked Launchpad admins if they apply US rule for blacklist counties and they answered No the open source must be opened for the humanity not for specific peoples this is clear principle (their servers in UK). Same answer I got from BerliOS (in Germany). For that many open source projects decided to move outside sf.net (US server) to GNA (French), Launchpad, BerliOS and many other open source hosting services.
-- Best Regards Muhammad Bashir Al-Noimi My Blog: http://mbnoimi.net
Вложения
On 15/06/2010 03:18 م, Devrim GÜNDÜZ wrote: > On Tue, 2010-06-15 at 13:16 +0100, Greg Stark wrote: > >> Actually I don't know what restrictions there would be for a product >> that isn't being sold >> > Maybe encryption related issues? > Yes Devrim -- Best Regards Muhammad Bashir Al-Noimi My Blog: http://mbnoimi.net
Вложения
On 15/06/2010 03:28 م, Dave Page wrote: > On Tue, Jun 15, 2010 at 12:16 PM, Greg Stark<gsstark@mit.edu> wrote: > >> On Tue, Jun 15, 2010 at 7:58 AM, Stefan Kaltenbrunner >> <stefan@kaltenbrunner.cc> wrote: >> >>> yeah - We really can't discriminate against some of our users in that >>> way(and we are not doing that on any of our other sites). If we cannot get >>> this fixed in a generic way we really need to look into alternative ways - >>> at least for people being affected by that - to get to the one-click >>> installer. >>> >> Well South Korea would have been obviously just a mistake. But I would >> expect it to be an issue for any US company to server IPs in Syria, >> North Korea, Cuba, Iran, or Burma/Myanmar. Actually I don't know what >> restrictions there would be for a product that isn't being sold but I >> wouldn't be surprised if they wanted to be conservative and just not >> serve those IPs at all. >> >> For the community it might be tricky to solve since many of the >> servers are hosted or sponsored by US organizations. Having some >> servers with different rules than others might complicate matters >> significantly. >> > Greg is entirely correct. We cannot export or facilitate the export of > cryto code to embargoed countries, such as Syria due to US export > laws. This doesn't just apply to EnterpriseDB of course, it applies to > the community as well, either where our servers are in the US, or the > people working on them are in the US. The penalties for ignoring this > are *extremely* harsh. > I want to ask you a tiny question, do you agree with this policy? if yes go ahead and forbid your projects but not others projects (my friend from Spain be came crazy when I told him that I can access the SVN because US blocked my IP). > The situation is ridiculous I know - it's easy to get OpenSSL from any > number of places of course. As of this morning, we have people looking > into the legal issues to see if there is a way that we (EnterpriseDB > and the community) can make all our downloads available universally > without putting anyone at risk of prosecution. We're also talking to > other large organisations involved in Open Source to see if/how they > deal with this within the projects they work on. > Thanks a lot for your efforts. -- Best Regards Muhammad Bashir Al-Noimi My Blog: http://mbnoimi.net
Вложения
On 15/06/2010 05:25 م, Selena Deckelmann wrote: > On Tue, Jun 15, 2010 at 6:57 AM, Magnus Hagander<magnus@hagander.net> wrote: > > >>> The situation is ridiculous I know - it's easy to get OpenSSL from any >>> number of places of course. As of this morning, we have people looking >>> into the legal issues to see if there is a way that we (EnterpriseDB >>> and the community) can make all our downloads available universally >>> without putting anyone at risk of prosecution. We're also talking to >>> other large organisations involved in Open Source to see if/how they >>> deal with this within the projects they work on. >>> >> AFAIK, open source *communities* don't generally do anything at all >> about this. We can restrict access to any of our servers that run in >> the US, but as long as there are mirrors and the licence is open, >> anybody outside the US can just redistribute it. So it sounds like th >> easy fix is to just mirror it onto the community mirror network. >> > +1 > > I'm going to ping Eben Moglen (lawyer at the software freedom law > center) about this on our behalf. The few people I've talked to who > have had to deal with similar issues think that crypto built from open > standards no longer are subject to prosecution, and whether the > software originated in the US or not, we are free to redistribute. > > -selena > Nice guys, that's good news -- Best Regards Muhammad Bashir Al-Noimi My Blog: http://mbnoimi.net
Вложения
Hi! On Tue, Jun 15, 2010 at 10:35 AM, M. Bashir Al-Noimi <admin@mbnoimi.net> wrote: > OOOH I got, this is the modern democracy! While I sympathize with expressions of sarcasm around this issue -- let's keep this particular discussion on the topic of whether or not the 1-click installers can be mirrored. Using a Bcc to reduce the impulse to respond other than directly to individuals. -selena -- http://chesnok.com/daily - me
M. Bashir Al-Noimi wrote: > > Greg is entirely correct. We cannot export or facilitate the export of > > cryto code to embargoed countries, such as Syria due to US export > > laws. This doesn't just apply to EnterpriseDB of course, it applies to > > the community as well, either where our servers are in the US, or the > > people working on them are in the US. The penalties for ignoring this > > are *extremely* harsh. > > > I want to ask you a tiny question, do you agree with this policy? if yes > go ahead and forbid your projects but not others projects (my friend > from Spain be came crazy when I told him that I can access the SVN > because US blocked my IP). To clarify, the source code can be downloaded from anywhere. It is only the one-click installer that embeds OpenSSL that is a problem. Technically the non-source code distributions of Postgres are produced by external groups. The community only distributes the source code, though we provide links to the external groups, and we are working with those groups to see if we can come up with a solution. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + None of us is going to be here forever. +
Magnus Hagander wrote: > > For the community it might be tricky to solve since many of the > > servers are hosted or sponsored by US organizations. Having some > > servers with different rules than others might complicate matters > > significantly. > > The community doesn't host the mirrors, we just point to them. Aside > from what some poeple want it to be, linking is still legal AFAIK. It > is up to each individual mirror what they want to distribute. We've > never had issues with that before, and AFAIK nothing has changed > around this for many years. I don't think we want to be pushing embargoed data to mirrors and tell them them have to worry about it; that might lead to us losing mirrors and mirrors hosters feeling abused by the community. We would need to contact every mirror where this might be a problem, explain the issue, and let them decide if they want those files. But again, does a USA company have to try to prevent or report such mirrors --- I have no idea. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + None of us is going to be here forever. +
On 06/15/2010 07:58 PM, Bruce Momjian wrote: > M. Bashir Al-Noimi wrote: >>> Greg is entirely correct. We cannot export or facilitate the export of >>> cryto code to embargoed countries, such as Syria due to US export >>> laws. This doesn't just apply to EnterpriseDB of course, it applies to >>> the community as well, either where our servers are in the US, or the >>> people working on them are in the US. The penalties for ignoring this >>> are *extremely* harsh. >>> >> I want to ask you a tiny question, do you agree with this policy? if yes >> go ahead and forbid your projects but not others projects (my friend >> from Spain be came crazy when I told him that I can access the SVN >> because US blocked my IP). > > To clarify, the source code can be downloaded from anywhere. It is only > the one-click installer that embeds OpenSSL that is a problem. > > Technically the non-source code distributions of Postgres are produced > by external groups. The community only distributes the source code, > though we provide links to the external groups, and we are working with > those groups to see if we can come up with a solution. well we have pgcrypto in the main source tarball and we are able to distribute solaris/linux and other binaries through our mirror network just fine (and we managed to distribute the old MSI based windows installer als) so it seems easy enough to do the same for the one-click... Stefan
On Tue, Jun 15, 2010 at 7:36 PM, Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> wrote: >> Technically the non-source code distributions of Postgres are produced >> by external groups. The community only distributes the source code, >> though we provide links to the external groups, and we are working with >> those groups to see if we can come up with a solution. > > well we have pgcrypto in the main source tarball and we are able to > distribute solaris/linux and other binaries through our mirror network just > fine (and we managed to distribute the old MSI based windows installer als) > so it seems easy enough to do the same for the one-click... For what it's worth I'm unclear that this is purely a problem with crypto. It's illegal for a US company to do business in these companies even if they're just selling pencils. In the case of crypto they had to take *extra* precautions in the past such as getting agreements from recipients that they wouldn't redistribute the crypto to embargoed countries. I think the crypto situation has simplified in recent years but the general embargo is the same as it ever was. The embargo doesn't affect individuals communicating but when it comes to shipping binaries produced by a US company I'm not clear what the rules are or whether there are any restrictions. I'm sure EDB will figure out what it's allowed to do and we should just wait to find out whether we can work with whatever they're allowed to do.
On Tue, Jun 15, 2010 at 6:36 PM, Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> wrote: > well we have pgcrypto in the main source tarball and we are able to > distribute solaris/linux and other binaries through our mirror network just > fine (and we managed to distribute the old MSI based windows installer als) > so it seems easy enough to do the same for the one-click... You mean noone has complained yet. The fact is, we *have* had face-to-face contact from US authorities on this matter, reminding us (in not too subtle terms) that it is not legal to distribute crypto code to embargoed countries, and requiring us to put in place preventative measures. Those laws do apply to any people or servers in the US, not just EnterpriseDB - we're just easier to intimidate in person than the community. Now, that was a few years ago, and some people are now saying that exceptions are in place for Open Source software. We have folks looking into this, and if we're given the go-ahead to remove the blocks, we'll do so ASAP. -- Dave Page EnterpriseDB UK: http://www.enterprisedb.com The Enterprise Postgres Company
> Greg is entirely correct. We cannot export or facilitate the export of
> cryto code to embargoed countries, such as Syria due to US export
> laws. This doesn't just apply to EnterpriseDB of course, it applies to
> the community as well, either where our servers are in the US, or the
> people working on them are in the US. The penalties for ignoring this
> are *extremely* harsh.
Speaking from having dealt with this at Sun: it's not just crypto code.It's any goods at all, paid or not. EDB cannot
removetheir block.
Welcome to the Brave New World.
The answer would be for the community to mirror the one-click installers
on a non-US server. This should, preferably, be done by community
members who neither work for EDB nor are Americans and without any
active cooperation from EDB.
Of course, if someone wanted to download from one of those countries and
did so via a relay machine in a non-embargoed country, we would have no
way to detect that.
-- -- Josh Berkus PostgreSQL Experts Inc.
http://www.pgexperts.com
On 15/06/2010 08:02 م, Bruce Momjian wrote: > Magnus Hagander wrote: > >>> For the community it might be tricky to solve since many of the >>> servers are hosted or sponsored by US organizations. Having some >>> servers with different rules than others might complicate matters >>> significantly. >>> >> The community doesn't host the mirrors, we just point to them. Aside >> from what some poeple want it to be, linking is still legal AFAIK. It >> is up to each individual mirror what they want to distribute. We've >> never had issues with that before, and AFAIK nothing has changed >> around this for many years. >> > I don't think we want to be pushing embargoed data to mirrors and tell > them them have to worry about it; that might lead to us losing mirrors > and mirrors hosters feeling abused by the community. We would need to > contact every mirror where this might be a problem, explain the issue, > and let them decide if they want those files. > > But again, does a USA company have to try to prevent or report such > mirrors --- I have no idea. > > Personally I asked BerliOS and Launchpad they don't have any problem with US rules. you can ask them too. -- Best Regards Muhammad Bashir Al-Noimi My Blog: http://mbnoimi.net
Вложения
On 15/06/2010 07:58 م, Bruce Momjian wrote:
To be clear when I was using kubuntu I didn't face this issue because I was free to download my files from many repositories all around the world but when I tried to use pg on Windows the case changed thus I faced blocking issue.M. Bashir Al-Noimi wrote:Greg is entirely correct. We cannot export or facilitate the export of cryto code to embargoed countries, such as Syria due to US export laws. This doesn't just apply to EnterpriseDB of course, it applies to the community as well, either where our servers are in the US, or the people working on them are in the US. The penalties for ignoring this are *extremely* harsh.I want to ask you a tiny question, do you agree with this policy? if yes go ahead and forbid your projects but not others projects (my friend from Spain be came crazy when I told him that I can access the SVN because US blocked my IP).To clarify, the source code can be downloaded from anywhere. It is only the one-click installer that embeds OpenSSL that is a problem. Technically the non-source code distributions of Postgres are produced by external groups. The community only distributes the source code, though we provide links to the external groups, and we are working with those groups to see if we can come up with a solution.
-- Best Regards Muhammad Bashir Al-Noimi My Blog: http://mbnoimi.net
Вложения
On 06/15/2010 08:46 PM, Dave Page wrote: > On Tue, Jun 15, 2010 at 6:36 PM, Stefan Kaltenbrunner > <stefan@kaltenbrunner.cc> wrote: >> well we have pgcrypto in the main source tarball and we are able to >> distribute solaris/linux and other binaries through our mirror network just >> fine (and we managed to distribute the old MSI based windows installer als) >> so it seems easy enough to do the same for the one-click... > > You mean noone has complained yet. The fact is, we *have* had > face-to-face contact from US authorities on this matter, reminding us > (in not too subtle terms) that it is not legal to distribute crypto > code to embargoed countries, and requiring us to put in place > preventative measures. Those laws do apply to any people or servers in > the US, not just EnterpriseDB - we're just easier to intimidate in > person than the community. > > Now, that was a few years ago, and some people are now saying that > exceptions are in place for Open Source software. We have folks > looking into this, and if we're given the go-ahead to remove the > blocks, we'll do so ASAP. well i talked with the debian people on that and I got the following bit: http://www.debian.org/legal/cryptoinmain which states: "Under the new US Regulations, not only the open source, but also the compiled executable software derived from open source, is eligible for export under the same conditions as the open source itself, provided that the compiled executable is available without restriction and free of charge. " and also a lot of other very interesting stuff on how to deal with this mess. Stefan
M. Bashir Al-Noimi wrote: > On 15/06/2010 07:58 ?, Bruce Momjian wrote: > > M. Bashir Al-Noimi wrote: > > > >>> Greg is entirely correct. We cannot export or facilitate the export of > >>> cryto code to embargoed countries, such as Syria due to US export > >>> laws. This doesn't just apply to EnterpriseDB of course, it applies to > >>> the community as well, either where our servers are in the US, or the > >>> people working on them are in the US. The penalties for ignoring this > >>> are *extremely* harsh. > >>> > >>> > >> I want to ask you a tiny question, do you agree with this policy? if yes > >> go ahead and forbid your projects but not others projects (my friend > >> from Spain be came crazy when I told him that I can access the SVN > >> because US blocked my IP). > >> > > To clarify, the source code can be downloaded from anywhere. It is only > > the one-click installer that embeds OpenSSL that is a problem. > > > > Technically the non-source code distributions of Postgres are produced > > by external groups. The community only distributes the source code, > > though we provide links to the external groups, and we are working with > > those groups to see if we can come up with a solution. > > > > > To be clear when I was using kubuntu I didn't face this issue because I > was free to download my files from many repositories all around the > world but when I tried to use pg on Windows the case changed thus I > faced blocking issue. Oh, Kubuntu. In the short term then you can use the Ubuntu PG packages --- they work just fine. Under Administration, choose Synaptic Package Manager, and type "PostgreSQL" in the "Quick Search" box at the top. I think the first link is the one you want. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + None of us is going to be here forever. +
On Tue, Jun 15, 2010 at 6:55 PM, Josh Berkus <josh@agliodbs.com> wrote: > > Speaking from having dealt with this at Sun: it's not just crypto code. > It's any goods at all, paid or not. EDB cannot remove their block. > Welcome to the Brave New World. Oh, that would make more sense. I've been reading the government info on registering crypto downloads, but that seems to be a requirement for any export, not just to embargoed countries, which didn't tally up with what I'm told the feds required of us. > The answer would be for the community to mirror the one-click installers > on a non-US server. This should, preferably, be done by community > members who neither work for EDB nor are Americans and without any > active cooperation from EDB. And would need to be on a server other than ftp.postgresql.org. -- Dave Page EnterpriseDB UK: http://www.enterprisedb.com The Enterprise Postgres Company
On tis, 2010-06-15 at 16:07 +0200, Stefan Kaltenbrunner wrote: > > Well, it only applies to the US, so all our mirrors outside of the > US > > should be fine, AFAIK. Nor does it apply to community members > outside > > the US, however they'd do anything about that. > > exactly - and other large projects (like debian) who used to do a > "non-US" mirror set stopped doing that ages ago (around the release > of > Sarge - 3.1) Yeah, but they electronically register every piece of software they distribute with the US Department of Whatever as potentially containing crypto material. Which is quite different from not doing anything about it.
Dave Page wrote: > On Tue, Jun 15, 2010 at 6:55 PM, Josh Berkus <josh@agliodbs.com> wrote: >> Speaking from having dealt with this at Sun: it's not just crypto code. >> It's any goods at all, paid or not. EDB cannot remove their block. >> Welcome to the Brave New World. > > Oh, that would make more sense. I've been reading the government info > on registering crypto downloads, but that seems to be a requirement > for any export, not just to embargoed countries, which didn't tally up > with what I'm told the feds required of us. well have you looked at the debian link I posted? - we should be able to get a similiar setup going if we really need to. > >> The answer would be for the community to mirror the one-click installers >> on a non-US server. This should, preferably, be done by community >> members who neither work for EDB nor are Americans and without any >> active cooperation from EDB. > > And would need to be on a server other than ftp.postgresql.org. that should be doable I guess. Stefan
On Wed, Jun 16, 2010 at 6:38 AM, Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> wrote: > Dave Page wrote: >> >> On Tue, Jun 15, 2010 at 6:55 PM, Josh Berkus <josh@agliodbs.com> wrote: >>> >>> Speaking from having dealt with this at Sun: it's not just crypto code. >>> It's any goods at all, paid or not. EDB cannot remove their block. >>> Welcome to the Brave New World. >> >> Oh, that would make more sense. I've been reading the government info >> on registering crypto downloads, but that seems to be a requirement >> for any export, not just to embargoed countries, which didn't tally up >> with what I'm told the feds required of us. > > well have you looked at the debian link I posted? - we should be able to get > a similiar setup going if we really need to. Yes, but that's about exporting crypto software in general, which as we've established can be done simply by registering the exports via email. There's an overriding blanket ban on exporting *anything* to the handful of embargoed countries, as Josh B pointed out. In any case, our VP Finance is setting up a conference call with the specialist lawyers we used in the past for this, so we can understand the issues properly and figure out what we can do legally. We hope to do that today or tomorrow and I'll report back as soon as possible. -- Dave Page EnterpriseDB UK: http://www.enterprisedb.com The Enterprise Postgres Company
Hi again, I just want to know is there any progress in blocking issue? until now I noticed that you didn't get a solution for it, is it true? -- Best Regards Muhammad Bashir Al-Noimi My Blog: http://mbnoimi.net
Вложения
On Sat, Jun 19, 2010 at 1:07 AM, M. Bashir Al-Noimi <admin@mbnoimi.net> wrote: > Hi again, > > I just want to know is there any progress in blocking issue? > > until now I noticed that you didn't get a solution for it, is it true? I had a conference call yesterday with a lawyer who specialises in export control and had worked with us in the past on such issues. He basically said that regardless of any crypto related restrictions, it is illegal to export, or facilitate the export of anything from the US to any embargoed countries, which are currently Syria, Iran, North Korea, Sudan and Cuba. In practice, this means that: - No one from a US company such as EnterpriseDB can make the installers available to you, no matter where they are based, without putting the company and possibly themselves at risk of prosecution. - No community members in the US can make the installers available to you without putting themselves at risk of prosecution. - No community members outside the US can intentionally make the installers available to you on any servers in the US (which includes the postgresql.org mirror network), without putting themselves at risk of prosecution should they travel to the US. - No community member with the ability to prevent it (i.e. because they are a sysadmin) can knowingly allow the installers to be made available to you by another person on servers within the US, without putting themselves at risk of prosecution either in, or when entering the US. - Anyone giving advice or otherwise suggesting how you might get hold of the installers may be facilitating export, and thus liable to prosecution in or upon entering the US. So unfortunately the advice we've received is essentially identical to what Josh found when working for Sun, which is that there is nothing that EnterpriseDB, or the community running postgresql.org can do to help without risking severe penalties. I don't agree that this is in any way morally right, but I'm sure you understand that I and many others with ties to the US cannot take the risk of helping you download the products. -- Dave Page EnterpriseDB UK: http://www.enterprisedb.com The Enterprise Postgres Company
Dave Page <dpage@pgadmin.org> writes:
> So unfortunately the advice we've received is essentially identical to
> what Josh found when working for Sun, which is that there is nothing
> that EnterpriseDB, or the community running postgresql.org can do to
> help without risking severe penalties.
What's not apparent to me is why the one-click installers are any
different from the source code. ISTM that if putting them on the
postgresql.org mirror network would be legally hazardous, then we
*already* have a problem.
Is it not sufficient to have mirror servers within the US block
connections from the embargoed countries?
regards, tom lane
On 19/06/2010 03:12 م, Dave Page wrote:
I'd like to thank you a lot for your efforts you deal with situation in effective way so from my side I think you absolutely did what you've to do and more than that... thanks again.
Before ending my message I want to tell the following breaking news from yesterday which you may benefit from it in this issue.
All Syrian media talked about the an extraordinary visit of largest US companies to Syria
http://www.aitnews.com/news/12976.html
Unfortunately the article available in Arabic but I can give you the summary of it and you can translate it by Google translate service for full text translation.
Mr. Obama's administration will give the biggest US companies special exceptions from US embargo on Syria (Microsoft, Dell, CISCO, Symantec, Frieser and many others) so representatives of these companies met Syrian administrations and elite of Syrian businessmen from Aleppo (north city in Syria known as biggest Syrian city in industrial producing).
Although this situation is absolutely in the right direction but it forms many question marks about the reason of the embargo which basically done by Bush administration in the past.
How Obama's administration allows these companies to work while they blocking US community websites? why that companies got the except while other companies can't?
Bby the way Microsoft website -for example- never blocked at all while OpenOffice blocked as soon as Bush administration released the embargo! and all Syrians can update their Windows editions directly from Microsoft.com without any problem even we can visit Microsoft support system with community forums too.
Depending on that news I think you -maybe- find a solution for blocking issue specially if you compared your installer with Microsoft installers (you may ask the lawyers how Microsoft found a solution for that).
Oh my god, the rules deal with community such as enterprise companies! I've some info about that before but I didn't expect that the rules are so strict.On Sat, Jun 19, 2010 at 1:07 AM, M. Bashir Al-Noimi <admin@mbnoimi.net> wrote:Hi again, I just want to know is there any progress in blocking issue? until now I noticed that you didn't get a solution for it, is it true?I had a conference call yesterday with a lawyer who specialises in export control and had worked with us in the past on such issues. He basically said that regardless of any crypto related restrictions, it is illegal to export, or facilitate the export of anything from the US to any embargoed countries, which are currently Syria, Iran, North Korea, Sudan and Cuba. In practice, this means that: - No one from a US company such as EnterpriseDB can make the installers available to you, no matter where they are based, without putting the company and possibly themselves at risk of prosecution. - No community members in the US can make the installers available to you without putting themselves at risk of prosecution. - No community members outside the US can intentionally make the installers available to you on any servers in the US (which includes the postgresql.org mirror network), without putting themselves at risk of prosecution should they travel to the US. - No community member with the ability to prevent it (i.e. because they are a sysadmin) can knowingly allow the installers to be made available to you by another person on servers within the US, without putting themselves at risk of prosecution either in, or when entering the US. - Anyone giving advice or otherwise suggesting how you might get hold of the installers may be facilitating export, and thus liable to prosecution in or upon entering the US. So unfortunately the advice we've received is essentially identical to what Josh found when working for Sun, which is that there is nothing that EnterpriseDB, or the community running postgresql.org can do to help without risking severe penalties. I don't agree that this is in any way morally right, but I'm sure you understand that I and many others with ties to the US cannot take the risk of helping you download the products.
I'd like to thank you a lot for your efforts you deal with situation in effective way so from my side I think you absolutely did what you've to do and more than that... thanks again.
Before ending my message I want to tell the following breaking news from yesterday which you may benefit from it in this issue.
All Syrian media talked about the an extraordinary visit of largest US companies to Syria
http://www.aitnews.com/news/12976.html
Unfortunately the article available in Arabic but I can give you the summary of it and you can translate it by Google translate service for full text translation.
Mr. Obama's administration will give the biggest US companies special exceptions from US embargo on Syria (Microsoft, Dell, CISCO, Symantec, Frieser and many others) so representatives of these companies met Syrian administrations and elite of Syrian businessmen from Aleppo (north city in Syria known as biggest Syrian city in industrial producing).
Although this situation is absolutely in the right direction but it forms many question marks about the reason of the embargo which basically done by Bush administration in the past.
How Obama's administration allows these companies to work while they blocking US community websites? why that companies got the except while other companies can't?
Bby the way Microsoft website -for example- never blocked at all while OpenOffice blocked as soon as Bush administration released the embargo! and all Syrians can update their Windows editions directly from Microsoft.com without any problem even we can visit Microsoft support system with community forums too.
Depending on that news I think you -maybe- find a solution for blocking issue specially if you compared your installer with Microsoft installers (you may ask the lawyers how Microsoft found a solution for that).
-- Best Regards Muhammad Bashir Al-Noimi My Blog: http://mbnoimi.net
Вложения
Tom Lane wrote: > Dave Page <dpage@pgadmin.org> writes: > > So unfortunately the advice we've received is essentially identical to > > what Josh found when working for Sun, which is that there is nothing > > that EnterpriseDB, or the community running postgresql.org can do to > > help without risking severe penalties. > > What's not apparent to me is why the one-click installers are any > different from the source code. ISTM that if putting them on the > postgresql.org mirror network would be legally hazardous, then we > *already* have a problem. > > Is it not sufficient to have mirror servers within the US block > connections from the embargoed countries? To follow up on this, I think the reason blocking just USA servers from serving embargoed countries is that the installers are USA-produced, meaning anyone who moves them from the USA to servers that can serve Syria is subject to prosecution, even if they are not USA citizens or work for USA companies, but simply visit the USA. Now, technically the source code is not USA-produced but should not be served from USA servers, though I doubt practically that is an issue. A more concrete issue is that the Command Prompt-produced RPMs are USA-produced and probably have the same restrictions as the EDB installers. I wonder if those are blocked from serving embargoed countries, though that is really a Command Prompt issue (meaning it is not the community's responsibility to check on such things). -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + None of us is going to be here forever. +