About strange email related to smalltalkhub read-only on squeak-dev

Am 30.05.2020 um 14:43 schrieb Stéphane Ducasse <[hidden email]>:

Hi all

This is the week-end and we worked super well yesterday during the sprint. Lot of good enhancements - Thanks a lot to all the participants. 

I not really happy to be forced to do it on a sunny saturday but I’m doing it to clarify points.

Esteban sent me this text that was posted on Squeak-Dev (I personally do not read squeak related forums because 

I have not the time and my focus is Pharo, its consortium, my team, my research and my family). 

We have to react because 

- We do not really at ***all** understand this email

- We did not kicked anybody from our mailing-list from ages - so ron is lying. In the past we even had discussion with ron - so we do not 

really understand. May be we got problem to log on our mailing-lists. 

We have no idea because we are working and not looking at such things.   

- When we migrated smalltalkhub to readonly we payed attention to make sure that private projects stay private.

We did not migrated smalltalkhub for fun. We MUST do it or it will be done by our infrastructure!

- Now the cryptography packages are MIT and they are public anyway. So again we do not understand anything. 

We do not get why Ron contacted us because we announced the migration publicly way in advance and we will keep 

the Smalltalkhub frozen repo for at least next 5 years. 

I feel really sorry to hear such kind of email because we do not want to fight with anybody. 

Our goal is to make sure that people can work with Pharo and expand their business and knowledge. 

We are working hard to make sure that people can invent their future with Pharo and people that know us personally 

know that we are not lying.

S

Hi all,

I've tried to work with the Pharo group but they keep kicking me out of their mailing list.  I've already mentioned this a number of times to the Pharo group but nobody seems to care.  

BOLD BOLD BOLD PLEASE TAKE THIS SERIOUSLY  BOLD BOLD BOLD

I am not a lawyer but we used very good lawyers to make the squeaksource repository a safe place to do cryptography work.  If you are working on cryptography DO NOT POST your code anywhere except squeaksource.  Especially if you are in the USA.  The ONLY repository that is approved to host our cryptography code in the USA and therefore not subject to criminal violations is squeaksource.  It is a CRIME in the USA to move code and make it available on the internet for everyone to download!  It must be hosted on squeaksoruce.com or another location that is also properly registered. 

IF YOU COPIED CRYPTOGRAPHY CODE TO ANOTHER REPOSITORY THAT IS NOT REGISTERED I would recommend you delete it immediately.

END BOLD!  

Please feel free to post this to the Pharo mailing list because they apparently do not want to hear from me!

All the best,

Ron Teitelbaum

--------------------------------------------

Stéphane Ducasse

http://stephane.ducasse.free.fr / http://www.pharo.org 

03 59 35 87 52

Assistant: Aurore Dalle 

FAX 03 59 57 78 50

TEL 03 59 35 86 16

S. Ducasse - Inria

40, avenue Halley, 

Parc Scientifique de la Haute Borne, Bât.A, Park Plaza

Villeneuve d'Ascq 59650

France

Am 31.05.2020 um 16:04 schrieb Paul DeBruicker <[hidden email]>:

Hi Norbert,

The EFF gives a nice overview of the US situation:
https://www.eff.org/deeplinks/2019/08/us-export-controls-and-published-encryption-source-code-explained

Although you are not a US citizen, and don't live here,  so I don't know how
it could affect you.  

In the link above the EFF does say they provide free consultations about
this topic so I'm sure someone there will clear things up for you.

Paul






NorbertHartl wrote

Yes, let us coordinate what to respond. To me this doesn't even sound like
Ron. Usually he is a rather quite and reasonable guy. Seems to be a lot of
misunderstandings here (again).
As I was the one copying the Cryptography package to github it concerns me
a bit. I've been remembered now about yet another strange law suit in the
US and indeed we need to raise a bit of awareness for this. 

So let's figure out what has to be done. 

Norbert

Am 30.05.2020 um 14:43 schrieb Stéphane Ducasse &lt;

stephane.ducasse@

&gt;:

Hi all

This is the week-end and we worked super well yesterday during the
sprint. Lot of good enhancements - Thanks a lot to all the participants. 
I not really happy to be forced to do it on a sunny saturday but I’m
doing it to clarify points.

Esteban sent me this text that was posted on Squeak-Dev (I personally do
not read squeak related forums because 
I have not the time and my focus is Pharo, its consortium, my team, my
research and my family). 

We have to react because 
- We do not really at ***all** understand this email
- We did not kicked anybody from our mailing-list from ages - so ron is
lying. In the past we even had discussion with ron - so we do not 
really understand. May be we got problem to log on our mailing-lists. 
We have no idea because we are working and not looking at such things.   
- When we migrated smalltalkhub to readonly we payed attention to make
sure that private projects stay private.
We did not migrated smalltalkhub for fun. We MUST do it or it will be
done by our infrastructure!
- Now the cryptography packages are MIT and they are public anyway. So
again we do not understand anything. 

We do not get why Ron contacted us because we announced the migration
publicly way in advance and we will keep 
the Smalltalkhub frozen repo for at least next 5 years. 

I feel really sorry to hear such kind of email because we do not want to
fight with anybody. 
Our goal is to make sure that people can work with Pharo and expand their
business and knowledge. 
We are working hard to make sure that people can invent their future with
Pharo and people that know us personally 
know that we are not lying.

S

Hi all,

I've tried to work with the Pharo group but they keep kicking me out of
their mailing list.  I've already mentioned this a number of times to
the Pharo group but nobody seems to care.  

BOLD BOLD BOLD PLEASE TAKE THIS SERIOUSLY  BOLD BOLD BOLD

I am not a lawyer but we used very good lawyers to make the squeaksource
repository a safe place to do cryptography work.  If you are working on
cryptography DO NOT POST your code anywhere except squeaksource. 
Especially if you are in the USA.  The ONLY repository that is approved
to host our cryptography code in the USA and therefore not subject to
criminal violations is squeaksource.  It is a CRIME in the USA to move
code and make it available on the internet for everyone to download! It
must be hosted on squeaksoruce.com &lt;http://squeaksoruce.com/&gt; or
another location that is also properly registered. 

IF YOU COPIED CRYPTOGRAPHY CODE TO ANOTHER REPOSITORY THAT IS NOT
REGISTERED I would recommend you delete it immediately.

END BOLD!  

Please feel free to post this to the Pharo mailing list because they
apparently do not want to hear from me!

All the best,

Ron Teitelbaum

--------------------------------------------
Stéphane Ducasse
http://stephane.ducasse.free.fr &lt;http://stephane.ducasse.free.fr/&gt;
/ http://www.pharo.org &lt;http://www.pharo.org/&gt; 
03 59 35 87 52
Assistant: Aurore Dalle 
FAX 03 59 57 78 50
TEL 03 59 35 86 16
S. Ducasse - Inria
40, avenue Halley, 
Parc Scientifique de la Haute Borne, Bât.A, Park Plaza
Villeneuve d'Ascq 59650
France

--
Sent from: http://forum.world.st/Pharo-Smalltalk-Developers-f1294837.html

Am 03.06.2020 um 00:13 schrieb Stéphane Ducasse <[hidden email]>:

What I do not like is that people say " group but they keep kicking me out of their mailing list ” when this is absolutely not true!

We can discuss and can argue even violently but we do not lie. 

S. 

On 31 May 2020, at 19:38, Bruce O'Neel <[hidden email]> wrote:

Hi,

So addressing only the crypto software issue and with the caveat that I am also not a lawyer but I have had to deal with certain aspects of this in the past....

Crypto software is one of those bizarre dual use items in terms of arms imports and exports.  While we as geeks just think of this is software or mathematics and might be confused as to why governments care, governments do care deeply about this.  And their way of expressing how much they care about this issue is by passing laws and prosecuting folks.

One of the easiest ways to get in trouble is for one to make the software available to residents and/or citizens of certain countries as well as available to people on a long list kept by different governments.  We can have a long debate about the morality of this concept but those who make the laws have decided that is the law.  And often these laws are crafted such that the executive can change important details on short notice and that puts the risk of prosecution at the whims of different world leaders.  

The license that the software is released under is not important.   

What Ron is stating is that squeak source supplied some additional protections to prevent accidentally making the software available to folks who the US feels should not have access.

If you have moved the software to another hosting provider without the permission or knowledge of the author, and therefore the owner of the software, you have put that person at additional risk.  In addition you and the hosting provider are taking on additional risk.

If it was moved to GitHub I strongly recommend reviewing their policies on trade controls and what risks you assume.

https://help.github.com/en/github/site-policy/github-and-trade-controls

Finally I would strongly recommend talking to a competent legal advisor who is deeply familiar with the details of these laws.  They are complex and highly variable between different parts of the world.

I know this seems like a lot of trouble and wasted time but you can spend a giant amount of time and money defending oneself from arms trafficking charges.

cheers

bruce

30 May 2020 14:43 Stéphane Ducasse <[hidden email]> wrote:

Hi all

This is the week-end and we worked super well yesterday during the sprint. Lot of good enhancements - Thanks a lot to all the participants. 

I not really happy to be forced to do it on a sunny saturday but I’m doing it to clarify points.

Esteban sent me this text that was posted on Squeak-Dev (I personally do not read squeak related forums because 

I have not the time and my focus is Pharo, its consortium, my team, my research and my family). 

We have to react because 

- We do not really at ***all** understand this email

- We did not kicked anybody from our mailing-list from ages - so ron is lying. In the past we even had discussion with ron - so we do not 

really understand. May be we got problem to log on our mailing-lists. 

We have no idea because we are working and not looking at such things.   

- When we migrated smalltalkhub to readonly we payed attention to make sure that private projects stay private.

We did not migrated smalltalkhub for fun. We MUST do it or it will be done by our infrastructure!

- Now the cryptography packages are MIT and they are public anyway. So again we do not understand anything. 

We do not get why Ron contacted us because we announced the migration publicly way in advance and we will keep 

the Smalltalkhub frozen repo for at least next 5 years. 

I feel really sorry to hear such kind of email because we do not want to fight with anybody. 

Our goal is to make sure that people can work with Pharo and expand their business and knowledge. 

We are working hard to make sure that people can invent their future with Pharo and people that know us personally 

know that we are not lying.

S

Hi all,

I've tried to work with the Pharo group but they keep kicking me out of their mailing list.  I've already mentioned this a number of times to the Pharo group but nobody seems to care.  

BOLD BOLD BOLD PLEASE TAKE THIS SERIOUSLY  BOLD BOLD BOLD

I am not a lawyer but we used very good lawyers to make the squeaksource repository a safe place to do cryptography work.  If you are working on cryptography DO NOT POST your code anywhere except squeaksource.  Especially if you are in the USA.  The ONLY repository that is approved to host our cryptography code in the USA and therefore not subject to criminal violations is squeaksource.  It is a CRIME in the USA to move code and make it available on the internet for everyone to download!  It must be hosted on squeaksoruce.com or another location that is also properly registered. 

IF YOU COPIED CRYPTOGRAPHY CODE TO ANOTHER REPOSITORY THAT IS NOT REGISTERED I would recommend you delete it immediately.

END BOLD!  

Please feel free to post this to the Pharo mailing list because they apparently do not want to hear from me!

All the best,

Ron Teitelbaum

--------------------------------------------

Stéphane Ducasse

http://stephane.ducasse.free.fr / http://www.pharo.org 

03 59 35 87 52

Assistant: Aurore Dalle 

FAX 03 59 57 78 50

TEL 03 59 35 86 16

S. Ducasse - Inria

40, avenue Halley, 

Parc Scientifique de la Haute Borne, Bât.A, Park Plaza

Villeneuve d'Ascq 59650

France

--------------------------------------------

Stéphane Ducasse

http://stephane.ducasse.free.fr / http://www.pharo.org 

03 59 35 87 52

Assistant: Aurore Dalle 

FAX 03 59 57 78 50

TEL 03 59 35 86 16

S. Ducasse - Inria

40, avenue Halley, 

Parc Scientifique de la Haute Borne, Bât.A, Park Plaza

Villeneuve d'Ascq 59650

France