[Dailydave] More Wassenaar, Sorry

Dave Aitel dave at immunityinc.com
Mon Dec 28 09:44:42 EST 2015

I feel like every time anyone mentions Wassenaar they should have to
apologize, like when you're discussing the Star Wars prequels or spawn
camping in an online game.

Anyways, let me drop some bad news: Although everyone says Metasploit
(the free version) would not be effected by the proposed wording of the
Agreement - that's only true for the finished product. Of course, as you
are building Metasploit core or modules, you are basically forking
Metasploit to your own private version. The Commerce department FAQs
went on an on about your "intent" to make something public being part of
their consideration as to something that needs or does not need an
export license.

But let's just say this is EXTREMELY FLIMSY LEGAL PROTECTION. If you
work on a module with someone international, and you decide for whatever
reason not to make it public and open source, you are most likely
criminally liable. Not only is the agreement bad news because it doesn't
deal with what Software is, but it is bad news because it does not deal
with how it is built in this day and age.

reasons[In short, export control is a horrible place for any kind of
regulation around this kind of thing to live]+=1  ;)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20151228/13244603/attachment.sig>

More information about the Dailydave mailing list