Update encryption export control notices on *.mozilla.org sites

VERIFIED FIXED

Status

Websites
other.mozilla.org
VERIFIED FIXED
12 years ago
12 years ago

People

(Reporter: Frank Hecker, Assigned: Frank Hecker)

Tracking

Details

Attachments

(1 attachment)

(Assignee)

Description

12 years ago
The encryption export control notices on the various *.mozilla.org sites are inconsistent and out of date. For example, some notices refer to countries like Afghanistan or Iraq that are no longer subject to the same export control treatment as North Korea, etc. All such notices should be updated to a single standard notice to the maximum extent possible.

The notice to be used will be based on that given in note 2 of <http://www.steptoe.com/publications/EncryptionChart.pdf>:

This hardware/software is subject to the U.S. Export Administration Regulations and other U.S. law, and may not be exported or re-exported to certain countries (currently Cuba, Iran, Libya, North Korea, Sudan and Syria) or to persons or entities prohibited from receiving U.S. exports (including those (a) on the Bureau of Industry and Security Denied Parties List or Entity List, (b) on the Office of Foreign Assets Control list of Specially Designated Nationals and Blocked Persons, and (c) involved with missile technology or nuclear, chemical or biological weapons).

(The words "hardware/software" will be changed as necessary to reflect the particular item to which the notice applies.)
(Assignee)

Comment 1

12 years ago
Grepping the www.mozilla.org source for 're-export' gives the following files that apparently have copies of the notice:

html/mirroring.html
html/projects/seamonkey/releases/1.0.html
html/projects/seamonkey/releases/1.0a.html
html/projects/seamonkey/releases/1.0b.html
html/projects/seamonkey/releases/index.html
html/projects/security/pki/nss/faq.html
html/projects/security/pki/src/download.html
html/releases/index.html
html/releases/mozilla1.0.1.html
html/releases/mozilla1.0.2.html
html/releases/mozilla1.0.html
html/releases/old-releases-0.9.2-1.0rc3.html
html/releases/old-releases-1.1-1.4rc3.html
html/releases/old-releases.html
Status: NEW → ASSIGNED
Is this bug only for www.mozilla.org or for all *.mozilla.[org|com] sites?
(Assignee)

Comment 3

12 years ago
It's for all *.mozilla.org sites, but excludes mozilla.com sites controlled by the Mozilla Corporation. Those will need to be fixed too, but the notice may be slightly different, and I won't be the person making the changes.

My plan is to first fix all the references on www.mozilla.org, and then look at the other *.mozilla.org sites. I'll fix what I can, and then we can either open up a new bug or (re)assign this one to someone else.
(Assignee)

Comment 4

12 years ago
Created attachment 220471 [details] [diff] [review]
Patch to update www.mozilla.org for new export control notice

Here are all the patches that should be needed for www.mozilla.org, for all the files referenced above. I've double-checked all the generated pages and they look OK. Note that in many cases the previous notice referred to "source code" when it should have referred to "software"; I've updated the wording as appropriate.
(Assignee)

Comment 5

12 years ago
I've updated the following pages on developer.mozilla.org where the encryption export control notice appears in English:

http://developer.mozilla.org/en/docs/Download_Mozilla_Source_Code
http://developer.mozilla.org/cn/docs/%E4%B8%8B%E8%BD%BDMozilla%E6%BA%90%E4%BB%A3%E7%A0%81

The following page has a translated notice that needs to be updated:

http://developer.mozilla.org/fr/docs/T%C3%A9l%C3%A9chargement_du_code_source_de_Mozilla

As far as I can tell this notice doesn't appear on developer.mozilla.org in any other language.
Comment on attachment 220471 [details] [diff] [review]
Patch to update www.mozilla.org for new export control notice

Frank,

Do you have access to commit this yourself, or do you need one of the web monkeys to commit it for you?
(Assignee)

Comment 7

12 years ago
I have commit access to www.mozilla.org. However I'm not going to check the changes in tonight because I want to go to bed and don't want to hang around to make sure the site gets updated properly. I'll check them in tomorrow.
(Assignee)

Comment 8

12 years ago
The notice appears in at least two places on ftp.mozilla.org:

http://ftp.mozilla.org/pub/mozilla.org/security/export-notice
http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/export-notice

(Thanks to Zak Greant who did some Google queries to track these pages down, as well as the pages on developer.mozilla.org.)

I don't have write access to ftp.mozilla.org, so someone else will have to make the changes.
(Assignee)

Comment 9

12 years ago
I've checked in the changes to www.mozilla.org (for all the files mentioned above) and have verified that the corresponding pages got updated correctly.

Next task: Get ftp.mozilla.org updated.
Depends on: 336308
(In reply to comment #8)
> The notice appears in at least two places on ftp.mozilla.org:
> 
> http://ftp.mozilla.org/pub/mozilla.org/security/export-notice
> http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/export-notice

Filed bug 336308 on the issue.
No longer depends on: 336308
Depends on: 336308
(Assignee)

Comment 11

12 years ago
Now that bug 336308 is FIXED VERIFIED, this bug can be marked as FIXED as well. All changes to www.mozilla.org and developer.mozilla.org have been made and verified. The only other *.mozilla.org references appear to be historical references in the CVS logs.
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED
(Assignee)

Comment 12

12 years ago
Two more points: 1) I have already verified that the changes got made to www.mozilla.org and developer.mozilla.org, so I'm marking this bug VERIFIED as well.

Also, although it wasn't within scope for this bug, I couldn't find any instances of the export notices on www.mozilla.com or indeed on any *.mozilla.com site. If anyone does find any please open up a new bug so we can get those fixed.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.