| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7ee74c1b5b589619a13c6318c9fbd0d6ac7c334a.camel@HansenPartnership.com> Date: Thu, 24 Oct 2024 11:39:11 -0400 From: James Bottomley <James.Bottomley@...senPartnership.com> To: geert@...ux-m68k.org Cc: gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org, patches@...ts.linux.dev Subject: Re: [PATCH] MAINTAINERS: Remove some entries due to various compliance requirements. > On Fri, 18 Oct 2024, Greg Kroah-Hartman wrote: > > Remove some entries due to various compliance requirements. They > > can come back in the future if sufficient documentation is > > provided. > > This is very vague... We finally got clearance to publish the actual advice: If your company is on the U.S. OFAC SDN lists, subject to an OFAC sanctions program, or owned/controlled by a company on the list, our ability to collaborate with you will be subject to restrictions, and you cannot be in the MAINTAINERS file. > What are "various compliance requirements"? > What does "sufficient documentation" mean? The documentation Greg is looking for (which a group of Lawyers at the LF will verify) is that someone in the removed list doesn't actually work for an OFAC SDN sanctioned entity. > I can guess, but I think it's better to spell out the rules, as Linux > kernel development is done "in the open". I am also afraid this is > opening the door for further (ab)use... I agree we should have been more transparent about this but I think it would be hard for someone other than Greg to get a Maintainer removed on the "compliance issue" grounds so it's probably not that open to abuse. Regards, James
Powered by blists - more mailing lists