lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241024164939.GL3204734@mit.edu>
Date: Thu, 24 Oct 2024 12:49:39 -0400
From: "Theodore Ts'o" <tytso@....edu>
To: quake <quake.wang@...il.com>
Cc: linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Remove Huawei

On Thu, Oct 24, 2024 at 12:26:37PM +0900, quake wrote:
> From: Quake Wang <quake.wang@...il.com>
> 
> Remove some entries due to various compliance requirements. They
> cannot come back in the future as huawei is sanctioned by most
> freedom countries in the world.

Note that there are multiple sanction regimes and exactly what the
rules are vary from country to country.  At least in the US there are
exemptions that mean that I can accept patches and send code reviews
for engineers from Huawei so long as they occur in a public forum,
such as the LKML mailing lists.  As a result, folks may have noticed
that there are ext4 patches from Huawei, and I personally consider
them very valuable contributors to the ext4 community.

These exemptions may not apply in different countries, and for
different sanctioned entities.  I will note that China is not
currently attacking Taiwan militarily at the moment, while Russian
misiles and drones, some of which might be using embedded Linux
controllers, *are* actively attacking another country even as we
speak.  So it might not be surprising that the rules might be
different for different sanctioned entities.

Finally, please remember that kernel developers don't make the rules.
Those laws are made by the US, European, Japanese, and other
governments.  My personal priorites are to make sure that *I* don't
run afoul of any local civil or criminal penalties, and to make sure
that other Linux developers can also stay safe.  That being said, I'm
not a lawyer, and so please don't take anything I say as legal advice.
What I'm comfortable doing as the ext4 maintainer living in the US
might not be applicable for someone else who might have different
circumstances.

So for example, it could very much be the case that other countries
have *stricter* laws, and if you are acting as a maintainer, in terms
of accepting other people's code, or providing design guidance (which
may be considered "providing technical assistance" in some countries'
laws) --- if you are uncertain, please reach out to a lawyer.

	       		     	      - Ted

P.S.  This has always been the case, even before one country invaded
another; maintainers take on real legal responsibilities as part of
their work.  It's just that the consequences of copyright and patent
issues were much less than when there are sanctions involving
countries who are actively at war with others.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ