| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6beb4070-1946-4387-bd0e-34608a76b19e@typeblog.net>
Date: Thu, 24 Oct 2024 12:30:59 -0400
From: Peter Cai <peter@...eblog.net>
To: James Bottomley <James.Bottomley@...senPartnership.com>,
Serge Semin <fancer.lancer@...il.com>, Jon Mason <jdmason@...zu.us>,
Dave Jiang <dave.jiang@...el.com>, Allen Hubbe <allenbh@...il.com>,
ntb@...ts.linux.dev, Andy Shevchenko <andy@...nel.org>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Kory Maincent <kory.maincent@...tlin.com>,
Cai Huoqing <cai.huoqing@...ux.dev>, dmaengine@...r.kernel.org,
Mark Brown <broonie@...nel.org>, linux-spi@...r.kernel.org,
Damien Le Moal <dlemoal@...nel.org>, linux-ide@...r.kernel.org,
Paul Burton <paulburton@...nel.org>,
Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
Arnd Bergmann <arnd@...db.de>, Jiaxun Yang <jiaxun.yang@...goat.com>,
linux-mips@...r.kernel.org, Bjorn Helgaas <bhelgaas@...gle.com>,
Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org>,
Yoshihiro Shimoda <yoshihiro.shimoda.uh@...esas.com>,
linux-pci@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Andrew Lunn <andrew@...n.ch>, Russell King <linux@...linux.org.uk>,
Vladimir Oltean <olteanv@...il.com>, Keguang Zhang
<keguang.zhang@...il.com>, Yanteng Si <siyanteng@...ngson.cn>,
netdev@...r.kernel.org, Rob Herring <robh@...nel.org>,
Krzysztof Kozlowski <krzk@...nel.org>, Guenter Roeck <linux@...ck-us.net>,
linux-hwmon@...r.kernel.org, Borislav Petkov <bp@...en8.de>,
linux-edac@...r.kernel.org, Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-serial@...r.kernel.org
Cc: Andrew Halaney <ajhalaney@...il.com>, Nikita Travkin <nikita@...n.ru>,
Ivan Kokshaysky <ink@...assic.park.msu.ru>,
Alexander Shiyan <shc_work@...l.ru>, Dmitry Kozlov <xeb@...l.ru>,
Sergey Shtylyov <s.shtylyov@....ru>, Evgeniy Dushistov <dushistov@...l.ru>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
Sergio Paracuellos <sergio.paracuellos@...il.com>,
Nikita Shubin <nikita.shubin@...uefel.me>,
linux-renesas-soc@...r.kernel.org, linux-kernel@...r.kernel.org,
Kexy Biscuit <kexybiscuit@...c.io>, jeffbai@...c.io,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: linux: Goodbye from a Linux community volunteer
Hi James,
Thanks for your clarification. This sort of non-provocative
clarifications of the regulations you need to comply to has always been
what the community wants to see. _This_ should have been the first
official statement when anyone raised the concern, instead of Greg's
attempt to "defuse" the situation over private correspondence, or Linus
Torvald's outright defamation and accusing anyone who dares to disagree
of being a "Russian troll". This is not even to mention the _complete
ignorance_ and arrogance shown by his statement on what sending a revert
patch means.
With sanctions in place, there is no reasonable person who will demand
the LF or the Linux Kernel maintainers to do otherwise. However, as
someone who does rely on Linux for daily work, and as someone who has
contributed to the Linux project and its community, I think seeing the
following should be the minimum:
1. Linus Torvalds (+Cc) send an apology letter to **everyone** who he
accused of being a Russian troll;
2. Linus Torvalds need to **unconditionally retract** his personal
attack on Kexy Biscuit, the person who sent the revert patch in protest
(+Cc), and acknowledge that people who work with AOSC.io aren't
"state-sponsored paid actors";
3. This type of statement should be included somewhere public as soon as
practically possible should sanction compliance affect kernel
development again in the future;
4. No personal attacks should be allowed based on tinfoil-hat reasoning.
Thanks,
Peter.
On 10/24/24 10:50 AM, James Bottomley wrote:
> On Thu, 2024-10-24 at 07:27 +0300, Serge Semin wrote:
>> Hello Linux-kernel community,
>>
>> I am sure you have already heard the news caused by the recent Greg'
>> commit 6e90b675cf942e ("MAINTAINERS: Remove some entries due to
>> various compliance requirements."). As you may have noticed the
>> change concerned some of the Ru-related developers removal from the
>> list of the official kernel maintainers, including me.
>>
>> The community members rightly noted that the _quite_ short commit log
>> contained very vague terms with no explicit change justification. No
>> matter how hard I tried to get more details about the reason, alas
>> the senior maintainer I was discussing the matter with haven't given
>> an explanation to what compliance requirements that was.
>
> Please accept all of our apologies for the way this was handled. A
> summary of the legal advice the kernel is operating under is
>
> If your company is on the U.S. OFAC SDN lists, subject to an OFAC
> sanctions program, or owned/controlled by a company on the list, our
> ability to collaborate with you will be subject to restrictions, and
> you cannot be in the MAINTAINERS file.
>
> Anyone who wishes to can query the list here:
>
> https://sanctionssearch.ofac.treas.gov/
>
> In your specific case, the problem is your employer is on that list.
> If there's been a mistake and your employer isn't on the list, that's
> the documentation Greg is looking for.
>
> I would also like to thank you for all your past contributions and if
> you (or anyone else) would like an entry in the credit file, I'm happy
> to shepherd it for you if you send me what you'd like.
>
> Again, we're really sorry it's come to this, but all of the Linux
> infrastructure and a lot of its maintainers are in the US and we can't
> ignore the requirements of US law. We are hoping that this action
> alone will be sufficient to satisfy the US Treasury department in
> charge of sanctions and we won't also have to remove any existing
> patches.
>
> Regards,
>
> James Bottomley
>
Powered by blists - more mailing lists