INQUIRY: Export Classification Controls

Brian Inglis
Thu Oct 29 01:48:38 GMT 2020

Hi Michelle,

Cygwin is a global, all-volunteer, open source project, offering free (in many
senses) packages of software from other global, often volunteer, open source
projects, which will run together and allow users to "Get that /Linux/ feeling -
on Windows".

The only answers you will likely get, will have to be from reading the
information on this web site and others, or by engaging open source software
consultants and consulting IP lawyers to do so, and answer your questions.
There may be some such folks working at Deloitte.

Anything any one says about the project are only our/their personal opinions,
and may bear no relation to the actuality, reality, or the truth.

Pointers below:
> Problem reports:
> FAQ:        
> Documentation:
> Unsubscribe info:

"Does Cygwin™ have an ECCN number?
No. Cygwin source and binary are made publicly available and free of charge to
download so Cygwin is provided under TSU/TSPA exemption. As a result, Cygwin
does not require an ECCN number."

Please note that the licensing terms require you to bundle, or make available
online, the exact copies of any Cygwin packages source code, that you distribute
in a binary form elsewhere. From the same web page:

"What are the licensing terms?
Most of the tools are covered by the GNU GPL, some are public domain, and others
have a X11 style license. To cover the GNU GPL requirements, the basic rule is
if you give out any binaries, you must also make the source available. For the
full details, be sure to read the text of the GNU General Public License (GPL).

The Cygwin™ API library found in the winsup subdirectory of the source code is
covered by the GNU Lesser General Public License (LGPL) version 3 or later. For
details of the requirements of LGPLv3, please read the GNU Lesser General Public
License (LGPL).

For more information on the GPL see the GPL FAQ."

Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.
[Data in binary units and prefixes, physical quantities in SI.]

On 2020-10-28 16:16, Hahn, Michelle via Cygwin wrote:
> Dear Cygwin,
> My name is Michelle Hahn and I am a Tax Consultant I in the export controls practice at Deloitte. We are conducting an internal risk assessment of our client's third party software, which includes Cygwin. We would like to know if you have assigned an export control classification to Cygwin. If so, can you please share the ECCN with us. Export control classification numbers (sometimes called ECCNs) are specific alpha numeric codes that indicate whether the product or software needs an authorization to be exported. Some examples of export classification numbers for software could be 5A002, 5D002, or 5A992. If not, can you please answer the following questions related to the application and its capabilities:
> 1
> What is the commercial purpose of the application?
> 2
> Is one of the primary functions of the application communications/networking e.g. chatting or instant messaging using text, images and video?
> 3
> Has the software been designed for use with any machinery? i.e. Operation of a device such as exploration equipment? If yes, please provide details
> 4
> How can the software be purchased e.g. through a website or as part of a service provision?
> 5
> Which devices is the software typically downloaded to? i.e. phone, tablet, asset shared computer?
> 6
> Does the software (including any of the sub applications) contain, use or call encryption (information security) functionality?
> Please in your answer provide details of the sub applications with such functionality.
> 7
> How does the software utilize cryptography? (commercially, what is it used for - i.e.. sending and receiving information, etc.)
> 8
> Is the encryption functionality of the software limited to performing any of the following:
> 1.a "Authentication"
> 1.b "Digital Signature"
> 1.c "Data integrity"
> 1.d "Non-repudiation"
> 1.e Digital rights management including the execution of copy-protected software 1.f Encryption or decryption in support of entertainment, mass commercial broadcasts or medical records management; or,
> 1.g Key management in support of any function described above
> 9
> Can users access or change cryptographic functionality in the software?
> 10
> Is the software designed or modified to perform cryptanalytic functions?

More information about the Cygwin mailing list