If it's open source then necessarily it's been approved by export control. Anything open-sourced obviously can't contain ballistic information which would violate ITAR. But by default, all internal software and documents/documentation related to spacecraft/aircraft are assumed to be sensitive until they've gone through the export control process.