lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <f90bba20e86dac698472d686be7ec565736adca0.camel@HansenPartnership.com>
Date: Thu, 24 Oct 2024 12:27:49 -0400
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Jiaxun Yang <jiaxun.yang@...goat.com>, Serge Semin
 <fancer.lancer@...il.com>,  Jon Mason <jdmason@...zu.us>, Dave Jiang
 <dave.jiang@...el.com>, Allen Hubbe <allenbh@...il.com>, 
 ntb@...ts.linux.dev, Andy Shevchenko <andy@...nel.org>, Andy Shevchenko
 <andriy.shevchenko@...ux.intel.com>, Kory Maincent
 <kory.maincent@...tlin.com>,  Cai Huoqing <cai.huoqing@...ux.dev>,
 dmaengine@...r.kernel.org, Mark Brown <broonie@...nel.org>, 
 linux-spi@...r.kernel.org, Damien Le Moal <dlemoal@...nel.org>, 
 linux-ide@...r.kernel.org, "paulburton@...nel.org" <paulburton@...nel.org>,
  Thomas Bogendoerfer <tsbogend@...ha.franken.de>, Arnd Bergmann
 <arnd@...db.de>, "linux-mips@...r.kernel.org" <linux-mips@...r.kernel.org>,
 Bjorn Helgaas <bhelgaas@...gle.com>,  Manivannan Sadhasivam
 <manivannan.sadhasivam@...aro.org>, Yoshihiro Shimoda
 <yoshihiro.shimoda.uh@...esas.com>, linux-pci <linux-pci@...r.kernel.org>,
 "David S . Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>,
 Paolo Abeni <pabeni@...hat.com>, Andrew Lunn <andrew@...n.ch>, Russell King
 <linux@...linux.org.uk>, Vladimir Oltean <olteanv@...il.com>, Kelvin Cheung
 <keguang.zhang@...il.com>, Yanteng Si <siyanteng@...ngson.cn>, 
 netdev@...r.kernel.org, Rob Herring <robh@...nel.org>, Krzysztof Kozlowski
 <krzk@...nel.org>, Guenter Roeck <linux@...ck-us.net>, 
 linux-hwmon@...r.kernel.org, Borislav Petkov <bp@...en8.de>, 
 linux-edac@...r.kernel.org, Greg Kroah-Hartman
 <gregkh@...uxfoundation.org>,  linux-serial@...r.kernel.org
Cc: Andrew Halaney <ajhalaney@...il.com>, Nikita Travkin <nikita@...n.ru>, 
 Ivan Kokshaysky <ink@...assic.park.msu.ru>, Alexander Shiyan
 <shc_work@...l.ru>, Dmitry Kozlov <xeb@...l.ru>,  Sergey Shtylyov
 <s.shtylyov@....ru>, Evgeniy Dushistov <dushistov@...l.ru>, Geert
 Uytterhoeven <geert@...ux-m68k.org>, Sergio Paracuellos
 <sergio.paracuellos@...il.com>,  Nikita Shubin <nikita.shubin@...uefel.me>,
 linux-renesas-soc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: linux: Goodbye from a Linux community volunteer

On Thu, 2024-10-24 at 16:59 +0100, Jiaxun Yang wrote:
> 
> 
> 在2024年10月24日十月 下午3:50,James Bottomley写道:
> > On Thu, 2024-10-24 at 07:27 +0300, Serge Semin wrote:
> > > Hello Linux-kernel community,
> [...]
> 
> Hi James,
> 
> Sorry to chime in here, and thanks for making things clear.
> 
> However, I have some questions regarding this statement, please see
> below:
> 
> > Please accept all of our apologies for the way this was handled.  A
> > summary of the legal advice the kernel is operating under is
> 
> In what capacity this statement was made, i.e, who is "our" here and
> "we" below? Are you representing any formal group in this case?

It's Linux, so no official capacity at all.  However, I am expressing
the views of a number of people I talked to but it's not fair of me to
name them.

> >    If your company is on the U.S. OFAC SDN lists, subject to an
> > OFAC
> >    sanctions program, or owned/controlled by a company on the list,
> > our
> >    ability to collaborate with you will be subject to restrictions,
> > and
> >    you cannot be in the MAINTAINERS file.
> > 
> > Anyone who wishes to can query the list here:
> > 
> > https://sanctionssearch.ofac.treas.gov/
> 
> I did a quick search and found the following entry:
> 
> HUAWEI TECHNOLOGIES CO., LTD. Under CMIC-EO13959 sanction program.
> 
> Although it's a Non-SDN sanction, it can still be interpreted as
> "subject to an OFAC sanctions program".
> 
> How should we handle it?

A big chunk of the reason it's taken so long just to get the above is
that the Lawyers (of which I'm not one) are still discussing the
specifics and will produce a much longer policy document later, so they
don't want to be drawn into questions like this.  However, my non-
legal-advice rule of thumb that I'm applying until I hear otherwise is
not on the SDN list, not a problem.

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ