openSUSE and the "EAR" Export Administration Regulations, how are we to understand this?

In the license before starting openSUSE installation is stated:

You acknowledge that openSUSE 42.2 is subject to the U.S. Export Administration Regulations (the “EAR”) and you agree to comply with the EAR. You will not export or re-export openSUSE 42.2 directly or indirectly, to: (1) any countries that are subject to US export restrictions; (2) any end user who you know or have reason to know will utilize openSUSE 42.2 in the design, development or production of nuclear, chemical or biological weapons, or rocket systems, space launch vehicles, and sounding rockets, or unmanned air vehicle systems, except as authorized by the relevant government agency by regulation or specific license; or (3) any end user who has been prohibited from participating in the US export transactions by any federal agency of the US government. By downloading or using openSUSE 42.2, you are agreeing to the foregoing and you are representing and warranting that You are not located in,under the control of, or a national or resident of any such country or on any such list. In addition, you are responsible for complying with any local laws in Your jurisdiction which may impact Your right to import, export or use openSUSE 42.2. Please consult the Bureau of Industry and Security web page www.bis.doc.gov before exporting items subject to the EAR. It is your responsibility to obtain any necessary export approvals.

If the majority of the openSUSE software components are released under the GPL, then does this restriction apply to the programs and software within the system, the binaries or the source code? Somebody enlighten me here.
Second is this restriction discriminatory vs fields of endeavor ? For instance the Debian social contract clearly states that there should be no discrimination against fields of endeavor for instance, genetic research. I assume according to this restriction I am agreeing not to use openSUSE in drone or using openSUSE to develop software for drones, even for personal use, because they are unmanned aircraft aren’t they?
Third if Suse GMBH is a German company and not an American company why is there such an export restriction?

The openSUSE license is here, and yes it is for version 42.2 but it is still the same for the other versions as well. https://en.opensuse.org/openSUSE:License

I hope you understand that your audience here is your fellow openSUSE users. It could be that there are some with enough juridical knowledege, but …

Hello Henk,
All of my fellow openSUSE users have agreed to this license when they installed openSUSE. So obviously the license is intended for end users to understand and agree. But probably many of them have not even read it as it has become custom to click “next” or “I agree” to long and boring licenses to read. But I read them. Because EULAs can bite sometimes. Ubuntu, Debian, do not present such a notice about export restrictions. CentOS doesn’t either, despite being US based as well. Nor do other US based distros, minor ones such as Gecko and some Ubuntu Variants. Only openSUSE and Fedora as far as I have seen. Fedora presents it at the download page and SUSE at the beginning of the installation and it has been there ever since I started to use it long time ago in 2011, when, if I remember correctly it was version 11 of the operating system. Now SUSE is a very nice distro with an excellent infrastructure. But the license bugs me a bit. Because I don’t want to be discriminated based on my field of endeavor. If that is the case, it would be probably best to choose another distribution such as Debian for example.

Have you ever dealt with U.S. ITAR restrictions, or is this just a “why is it there question”?

I don’t know what ITAR is. No I have never dealt with it. I kinda understand why it might be there, they don’t want nations who are in the black list to use US technologies against the US. But openSUSE is a community distribution just like Debian. There are people contributing from all over the world, sure maybe the majority is from the US but it is an open source technology project. But my issue is more like this; say I buy a drone, and I develop software for my drone using openSUSE. Right there I have breached the openSUSE license. A drone is unmanned aircraft. See my point?

i will explain it in simple terms:

If you ship any product from the U.S. to a “restricted country” that product has to be approved by the U.S. State Department. it really has no consequence as to whether that “agreement” is in the EULA or not. The U.S. citizen is still bound by that requirement whether it is Red Hat, CentOS, Ubuntu, etc.

You have not “breached the agreement” unless you ship the drone to a “restricted country” without approval. There are lists of approved products within the State Department.

Edit: **International Traffic in Arms Regulations (ITAR) **is generally in place on software because of the encryption.

Makes sense. Interesting. Thanks for the replies though.

Still,
IMO the section quoted has limited utility.

Software, and especially this case an operating system is a very generic product, and its usefulness is not its default state but how it’s modified (ie configuration). The <configuration> exists as an independent state, not unique to any specific instance of openSUSE (you can take a configuration and apply to <any> openSUSE anywhere in the world without exporting anything).

Unless you have a very unique openSUSE which would likely include some kind of hardware such as physical interfaces and connections to other systems, I just don’t see any usefulness in export restrictions.

I guess it comes down to how you define an openSUSE product… Is it only the software, or is it the entire physical machine, a combination of software and hardware, perhaps fully configured?

IMO,
TSU

Agreed. I have no idea why they included the agreement. i was just trying to help the OP understand that there was nothing of concern and what ITAR was in general terms. Why it is included in the EULA I would only have to guess at.

I do know from experience that U.S. contractors are very concerned about software licensing when it comes to developing applications for sale in contracts, and for some even what software is on their network. I assume those in the EU and other countries have the same regulations and concerns. Fortunately I was always able to push those issues up stream to those hired to manage those concerns.

What if I ship the drone from Europe where such export restrictions do not apply and I used openSUSE to develop software for the drone or used openSUSE as a system on the drone? Hypothetical scenario

Remove openSUSE from the discussion. Assuming you are a U.S. entity it doesn’t matter where you are located. Shipments to a “restricted country” requires U.S. State/Commerce Departments paperwork for certain technologies.

Many large U.S. companies file the paperwork, no matter what country the technology is going to, and no matter what they are shipping. i have experienced that with technology being shipped to Mexico during the manufacturing migration. Some technology was easier to purchase from the foreign subsidiary of the U.S. vendor because they then handled the paperwork.

Long ago (in Internet time) when 3DES was not exportable some open source distributions insured non-U.S. people created that code to protect their developers because of the unknown of how the regulations would be interpreted. (I am pulling that from memory, but it is what I recall.)

Just downloaded SLES 15 Beta (Since it’s GMC, I assume it should go official any day now, a few weeks later than expected), and noticed the same licensing language discussed here.

Reading the complete license,
I was a bit surprised that the software is now and again owned by Novell which is an American company. That could be significant since the LEAP codebase is shared with SLES now, so could then be subject to USA import and export regulations and restrictions. The full license is also more expansive than the snippet in the original post, specifically stating that the User is not located in Syria, Iran, Cuba. Am a bit surprised that the list isn’t much longer, including countries like Russia(maybe because the Trump Administration has no objections?), China, etc. But then, why stop there and not add the countries we’re imposing steel and aluminum tariffs like Canada, Mexico, EU? And why stop even there? Surely Antarctica and others are not selling/trading enough with the USA to balance trade…

Who ever said that legal had to make sense, but if rules and regulations say something, then you can either comply or risk the consequences.

Here’s hoping the world realizes sometime soon that protectionalism hurts everyone but mainly the ignorant, and leaders with some business sense are put in position to set proper ground rules sometime soon…

IMO
</soapbox>
TSU

Novell is based in Provo, Utah. That city has one of highest percentage of Mormons. It’s an interesting fact. Mormons have been involved in American policies for a while now. I am also surprised, isn’t Suse GMBH a German company?

How do I edit my posts here?

https://forums.opensuse.org/content.php/100-Editing-a-Forum-Post

In particular…

Editing posts on these forums is time limited. After you have posted a message in our forums, you have approximately 10 minutes to edit it if needed. There are a couple of reasons for this:

First, we have two interfaces on our servers, HTTP and NNTP. The NNTP protocol doesn’t support message editing and the interfaces are synchronized every 10 minutes. If we allowed further editing on the web side, the posts on the two interfaces would become out of sync.

Even if we didn’t have the http/nntp interface issue, we would still limit message editing as once a message has replies, if the original post is edited, the replies may no longer be relevant or could even be dangerous to anyone reading the thread.

Well I take this back, this is irrelevant to the issue. It does not matter if the team who works on openSUSE at Novell is Mormon or not.

How may the (USA) EAR apply when SUSE is sold by (UK) Micro Focus to Blitz 18-679 GmbH (the “Purchaser”), a newly incorporated indirectly wholly-owned subsidiary of EQTVIII SCSp (“EQT”) a private equity group in Sweden ?

How will this effect openSUSE ?

http://otp.investis.com/clients/uk/microfocus/rns/regulatory-story.aspx?cid=108&newsid=1096070

extract:

Micro Focus International plc

Proposed sale of the SUSE Business for $2.535 billion

Micro Focus International plc (“the Company” or “Micro Focus”, LSE: MCRO.L, NYSE: MFGP), the global infrastructure software business, is pleased to announce that it has agreed definitive terms to sell its SUSE business segment (the “SUSE Business”) to Blitz 18-679 GmbH (the “Purchaser”), a newly incorporated indirectly wholly-owned subsidiary of EQTVIII SCSp (“EQT”) which is advised by EQT Partners, for a total cash consideration of $2.535 billion (the “Disposal Consideration”) (the “Transaction”) on a cash and debt free basis and subject to normalisation of working capital.

and

  1. INFORMATION ON THE PURCHASER AND EQT

The Purchaser is a newly incorporated indirectly wholly-owned subsidiary of EQT, a leading private equity group founded in 1994 in Sweden, with offices in 14 countries across Europe, Asia and North America.

EQT invests in companies, sectors and regions where it has the specialist expertise to know it can make a genuine difference through the consistent application of the industrial approach and growth strategy. EQT has approximately 540 employees, of whom 330 are within the investment advisory teams. As at the date of this announcement, EQT had approximately €50 billion in raised capital across 27 different funds.