<div dir="ltr"><div class="gmail_default" style="font-size:small">Hi Rob,</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">I'm not a lawyer but I think you are ok on <a href="http://squeaksource.com">squeaksource.com</a>. You could register your code on github but you should discuss it with a lawyer. The issue is that if you make cryptography code available to the public you are not able to guarantee that hostile state actors do not download the code. That is a violation of US Law. There is an exception in the law that says if the code is available as part of an open source project and it is properly registered we can make the code publically available on the internet. </div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small"><a href="http://squeaksource.com">squeaksource.com</a> is properly registered and part of an open source project. If you like we can work to find a solution for your java code. There are also exceptions for weak encryption short key lengths etc. We would have to spend some time to figure it all out again to see if we can find a solution for your other code.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">By the way, squeakSSL is another interesting exception. Since we use OS modules instead of using our own crypto code in the plugin (unlike Pharo that has decided to include OpenSSL in their plugin) it is not really exporting cryptography. Including openSSL and exporting it is also not a good idea unless that plugin's location is also registered in the USA.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">People that download and use the code are responsible to make sure that their products are not exported to any countries on the list of countries that are prohibited. </div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">All the best,</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Ron Teitelbaum</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, May 29, 2020 at 5:04 PM Robert Withers <<a href="mailto:robert.withers@pm.me">robert.withers@pm.me</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>
<p>Thanks for the heads up and clarification. Would you think that
that applies to a protocol like
ParrotTalk-Smalltalk/ParrotTalk-Swift (the code I put on github).
Shoot, do you think my Java code for ASN1 and ParrotTalk is a
violation? I am going to go ahead an delete, nobody uses it and
shouldn't. It is no where near the latest. <br>
</p>
<p>What would you say about my duplicate project on squeaksource,
named Oceanside? I have ALL the Crypto there as a sort of backup.
<b>Paranoia will destroy you!! Duh, Duh-Duh, Duh, Duh-Duh,
Duh-Duh!</b></p>
<p><b>K, r</b><br>
</p>
<div>On 5/29/20 4:58 PM, Ron Teitelbaum
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-size:small">Hi all,</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">I've tried to
work with the Pharo group but they keep kicking me out of
their mailing list. I've already mentioned this a number of
times to the Pharo group but nobody seems to care. </div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">BOLD BOLD
BOLD PLEASE TAKE THIS SERIOUSLY BOLD BOLD BOLD</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">I am not a
lawyer but we used very good lawyers to make the squeaksource
repository a safe place to do cryptography work. If you are
working on cryptography DO NOT POST your code anywhere
except squeaksource. Especially if you are in the USA. The
ONLY repository that is approved to host our cryptography code
in the USA and therefore not subject to criminal violations is
squeaksource. It is a CRIME in the USA to move code and make
it available on the internet for everyone to download! It
must be hosted on <a href="http://squeaksoruce.com" target="_blank">squeaksoruce.com</a> or another
location that is also properly registered. </div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">IF YOU COPIED
CRYPTOGRAPHY CODE TO ANOTHER REPOSITORY THAT IS NOT REGISTERED
I would recommend you delete it immediately.</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">END BOLD! </div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">Please feel
free to post this to the Pharo mailing list because they
apparently do not want to hear from me!</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">All the best,</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">Ron
Teitelbaum</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, May 28, 2020 at 9:59
PM Robert Withers via Squeak-dev <<a href="mailto:squeak-dev@lists.squeakfoundation.org" target="_blank">squeak-dev@lists.squeakfoundation.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hey
Ron, since you spent serious time in making our Cryptography
project <br>
an official Crypto site, is there any possibility/usefulness
in <br>
reporting this violation to the organization you achieved our
legitimacy <br>
from? As the code has been ripped out and republished
elsewhere, beyond <br>
our controls.<br>
<br>
K, r<br>
<br>
On 5/28/20 9:37 PM, Robert Withers wrote:<br>
><br>
> On 5/28/20 7:40 PM, Levente Uzonyi wrote:<br>
>> On Thu, 28 May 2020, tim Rowledge wrote:<br>
>><br>
>>>> On 2020-05-28, at 4:04 PM, Paul DeBruicker
<<a href="mailto:pdebruic@gmail.com" target="_blank">pdebruic@gmail.com</a>> wrote:<br>
>>>><br>
>>>> Uhh. Hmmm. Which version of that Blowfish
code are you using?<br>
>>> The version included in the cryptology package on
squeaksource, within the Cryptology-Ciphers package. Ron
mentioned recently that we have to be very careful about where
this stuff gets published.<br>
>>><br>
>>><br>
>>>> I think his version is here:<br>
>>>> <a href="http://www.smalltalkhub.com/#!/~Cryptography/Cryptography" rel="noreferrer" target="_blank">http://www.smalltalkhub.com/#!/~Cryptography/Cryptography</a><br>
>>> Seems to be a more or less innaccessible site
these days? I haven't been able to get to it in ages.<br>
>> It was announced to be shut down and replaced with a
static site[1], but<br>
>> only on the Pharo list because who cares about other
users.<br>
> How unfortunate. I wanted to comment on the insular
nature of their<br>
> larceny. Cryptography can only be published in the squeak
source<br>
> repository. A lot of work went into it. Add it to the
list...<br>
><br>
> K, r<br>
><br>
>> I suppose the migration[2] was not successful. The
website complains about<br>
>> jquery not being loaded.<br>
>> Anyway, with some url mangling, the listing is
available here:<br>
>> <a href="http://www.smalltalkhub.com/mc/Cryptography/Cryptography/main" rel="noreferrer" target="_blank">http://www.smalltalkhub.com/mc/Cryptography/Cryptography/main</a><br>
>><br>
>><br>
>> Levente<br>
>> [1] <a href="http://forum.world.st/ANN-SmalltalkHub-Deprecation-Notice-td5114407.html" rel="noreferrer" target="_blank">http://forum.world.st/ANN-SmalltalkHub-Deprecation-Notice-td5114407.html</a><br>
>> [2] <a href="http://forum.world.st/ANN-Smalltalkhub-Readonly-Migration-tuesday-8hs-server-maintenance-migration-td5116817.html" rel="noreferrer" target="_blank">http://forum.world.st/ANN-Smalltalkhub-Readonly-Migration-tuesday-8hs-server-maintenance-migration-td5116817.html</a><br>
>><br>
>>> tim<br>
>>> --<br>
>>> tim Rowledge; <a href="mailto:tim@rowledge.org" target="_blank">tim@rowledge.org</a>;
<a href="http://www.rowledge.org/tim" rel="noreferrer" target="_blank">http://www.rowledge.org/tim</a><br>
>>> Hardware: The parts of a computer system that can
be kicked.<br>
<br>
<br>
</blockquote>
</div>
</blockquote>
</div></blockquote></div>