A
A
andrey_nado2021-01-29 13:03:46
open source
andrey_nado, 2021-01-29 13:03:46

What is the correct way to answer this request from the USA?

Hello. I am the author of a small open-source library published on SourceForge.net about 10 years ago. The other day I received an email from an address in the subdomain .govowned by some US government organization.

Text of the letter (minus personal information):

======================================== =======================
Good afternoon,

My name is [User Name] and I work for the [Department Name] at [Organization Name] in [Organization Location]. In compliance with Section 514 of the Consolidated Appropriations Act, 2020, Public Law 116-94, enacted December 20, 2019, I am required to obtain Country of Origin information from the Company that develops, produces, manufactures, or assembles any product defined as “Information Technology” by the Federal Acquisition Regulation (FAR).

Please provide an email response or a formal document (a PDF on company letterhead is preferred, but a simple statement is sufficient) specifically identifying the country, or countries, in which the [Product Name] Software is developed and maintained.

If the country of origin is outside the United States, please provide any information you may have stating that testing is performed in the United States prior to supplying products to customers.

Additionally, if available, please identify all authorized resellers of the product in question.

Lastly, please confirm that the product(s) in question is not manufactured by, contain critical components developed by, or receive substantial political or monetary influence from entities prohibited by Section 889 of the 2019 NDAA. These entities include the following companies and any of their subsidiaries or affiliates:

Hytera Communications Corporation
Huawei Technologies Company
ZTE Corporation
Dahua Technology Company
Hangzhou Hikvision Digital Technology Company

Please let me know if you have any questions.
================================================= ==============

I am a resident of the Russian Federation. The library is published under an open license. In addition to the source texts of the library, its binary assemblies are published on SourceForge.net. I am not engaged in sale of library and its paid support. I only distribute the library as part of my other products.

Please help me to answer this question correctly. Thanks in advance.

Answer the question

In order to leave comments, you need to log in

6 answer(s)
A
Alexey Ukolov, 2021-01-29
@andrey_nado

Please provide an email response specifically identifying the country in which the [Product Name] Software is developed and maintained.
Please indicate your country in the email...
If the country of origin is outside the United States, please provide any information you may have stating that testing is performed in the United States prior to supplying products to customers.
... tell me that you haven't done any testing in the USA, but you don't know anything about others...
Additionally, if available, please identify all authorized resellers of the product in question.
...because the software is free, nobody resells it...
Lastly, please confirm that the product(s) in question is not manufactured by, contain critical components developed by, or receive substantial political or monetary influence from entities prohibited by Section 889 of the 2019 NDAA.
... you do not know any of the listed companies and have not received any money from them.
It's just bureaucrats collecting information about the software they use. From you, except for this information, they do not need anything and nothing threatens you. Even if you received money from these organizations, and the program was written at an Iranian nuclear station, they will simply have to stop using it, but they will not do anything to you.
Just write the answer in your own words, if something is not clear to them, they will clarify.

M
Maxim Korneev, 2021-01-29
@MaxLK

Judging by the list of companies, they simply check whether they are under sanctions or not. Apparently they are using the library and they have knocked Malech off. I suspect that this letter can simply be scored and not answered.

O
Oleg, 2021-01-30
@402d

You are neither warm nor cold from this company.
that's how they wrote it to them, citing their request. Let them translate from Russian.


I - (Imerek) - a resident of the Russian Federation. Sole developer of the library.
The library is published under an open license. In addition to the source texts of the library, its binary assemblies are published on SourceForge.net. I am not engaged in sale of library and its paid support.

J
Julia Bedrosova, 2021-01-30
@Bedrosova

I would definitely write an answer: I would ask why they need this information, if they use my software and if I can place their logo on my website in the section of my clients / users of my software.

F
fdroid, 2021-01-29
@fdroid

Don't react at all. This very .gov is nobody for you and there is no way to call it.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question