Downloads Blocked to Cuba, Iran, North Korea, Sudan, and Syria

As some of our users discovered, about two weeks ago, SourceForge.net (which hosts all our open source software), began blocking downloads from IP addresses in Cuba, Iran, North Korea, Sudan, and Syria. This is due to those countries being on the United States Office of Foreign Assets Control (OFAC) sanction list.

Yesterday, SourceForge.net removed the blanket blocking and provided projects with the ability to select between two options in the Project settings:

SourceForge.net Project Settings
1. This project does NOT incorporate, access, call upon, or otherwise use encryption of any kind, including, but not limited to, open source algorithms and/or calls to encryption in the operating system or underlying platform.

2. This project DOES incorporate, access, call upon or otherwise use encryption. Posting of open source encryption is controlled under U.S. Export Control Classification Number "ECCN" 5D002 and must be simultaneously reported by email to the U.S. government. You are responsible for submitting this email report to the U.S. government in accordance with procedures described in: http://www.bis.doc.gov/encryption/PubAvailEncSourceCodeNotify.html and Section 740.13(e) of the Export Administration Regulations ("EAR") 15 C.F.R. Parts 730-772.

The default selection for all SourceForge projects is the 2nd (to err on the side of caution). Project owners can change the selection to the first option, which will open up downloads to countries on the sanction list.

Unfortunately, we can not change the setting of our project to the first option. We have multiple applications hosted on SourceForge which utilize encryption including Firefox, Thunderbird, Sunbird, Songbird, FileZilla, KeePass, Toucan, KompoZer, 7-Zip, Miranda IM, Pidgin, PuTTY, SeaMonkey, WinSCP, WinWGet, OpenOffice.org, PDFTK Builder, PNotes and PeaZip. To select the other option would be a knowing violation of the law on our part and would expose us to possible fines or imprisonment.

The only real possibility would be to split the SourceForge PortableApps.com project into two pieces with all the apps with encryption on one project (with the block) and everything else on the other (without the block). Unfortunately, that wouldn't really be very useful as users behind the block wouldn't have access to the suite, browsers, ftp, email, IM, archives or an office suite... which isn't terribly useful.

In the end, there is no real workaround for us. Google Code (the other big open source host) also blocks downloads to those countries as they are also under US law. Using another server in another country to try to get around the issue would also subject us to possible fines or imprisonment. The only real way to 'fix' this and get all users access would be for the US government to change their policy. Until then, we will be unable to provide apps to users in the affected countries.

Kind Regards,
John