Hosting of compiled bitcoin client [combined summary]



Original discussion: bitcoin-dev mailing list

Published on: 2012-10-20T14:19:47+00:00


Summary:

There are concerns about SourceForge being attacked and a backdoored client being uploaded, with some people not checking signatures. SourceForge has had vulnerabilities in the past due to their "your own website on Sourceforge" feature, leading to suggestions that GitHub takes security more seriously. It has been proposed to ask for free hosting from a reputable security-conscious bitcoin enthusiast, although this would create another Single Point of Failure (SPOF) in the coineverse. Additionally, SourceForge downloads are blocked in China due to the Great Firewall, but it is easy to bypass these restrictions.

In an email conversation between Mark Lister and Wladimir, the issue of SourceForge blocking downloads in certain countries is discussed. They agree that the problem is related to trade with sanctioned countries and the Great Firewall of China. They also note that bypassing these restrictions is relatively easy.

A user on Reddit argues that the issue is not cryptography itself, but rather trade with sanctioned countries. Making files available for download can be considered trade and may lead to restrictions. This highlights the complexity of the cryptography and trade restriction issue. While some advocate for strong encryption protocols to protect privacy and sensitive data, others are concerned about potential misuse. There are also concerns about the impact of trade restrictions on innovation and open access to information.

The laws in question are Office of Foreign Assets Control (OFAC) sanctions, which apply to US citizens or residents. Making files available for download to sanctioned countries is considered trade. To make Bitcoin available in these places, sites and download mirrors must be hosted outside the USA by non-citizens. EU sanctions primarily focus on financial aspects and do not prevent serving data to Iran. Switzerland does not have any sanctions in effect, but datacenter space in Zurich is expensive. The SDN list of OFAC, which assumes globally unique names, has been found unconstitutional.

In an email exchange, Christian Decker seeks information on the laws regarding cryptography in their project. The only known restrictions are the EAR restrictions on the export of cryptography, which do not apply to them as they only use cryptography for authentication. Enforcement attempts against open source projects have been minimal since the Bernstein vs US case. Christian also mentions the difficulty of finding a country with more permissive laws and plans to contact the EFF for advice.

A member of the Bitcoin-development mailing list suggests finding a country with more permissive laws for hosting and accessing Bitcoin-related content. Another member questions the legality of restricting access at the request of the USA and suggests non-US developers evaluate their own laws. The reason for SourceForge's restrictions should be made known. GitHub, another US-located platform, may also present similar problems.

In an email exchange, Kyle Henderson expresses concerns about SourceForge restricting access to certain countries at the request of the USA. He requests clarification on the legality of this situation to protect US developers. Kyle suggests hosting the compiled client on GitHub as an alternative to SourceForge, as it is already used as the code repository and would require minimal effort.


Updated on: 2023-08-01T04:00:42.263712+00:00