lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZxnvkwZrkaeOCRAo@wunner.de>
Date: Thu, 24 Oct 2024 08:56:19 +0200
From: Lukas Wunner <lukas@...ner.de>
To: Geert Uytterhoeven <geert@...ux-m68k.org>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	patches@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] MAINTAINERS: Remove some entries due to various
 compliance requirements.

On Mon, Oct 21, 2024 at 09:49:56AM +0200, Geert Uytterhoeven wrote:
> On Fri, 18 Oct 2024, Greg Kroah-Hartman wrote:
> > Remove some entries due to various compliance requirements. They can come
> > back in the future if sufficient documentation is provided.
> 
> This is very vague...
> What are "various compliance requirements"?
> What does "sufficient documentation" mean?

Looking at what other organizations have done provides some clues.
E.g. the RIPE NCC initially took the stance:

   "The RIPE NCC provides critical services to its membership spread across
    a diverse geographical and political region.
    The Executive Board of the RIPE NCC believes that the means to communicate
    should not be affected by domestic political disputes, international
    conflicts or war. This includes the provision of correctly registered
    Internet numbering resources."
    https://www.ripe.net/about-us/news/ripe-ncc-executive-board-resolution-on-provision-of-critical-services/

However due to being governed by Dutch law, that policy had to be amended:

   "The Dutch Ministry of Foreign Affairs confirmed to us that IP resources
    are considered economic resources, as defined in the EU sanctions
    regulation, and must be frozen for sanctioned entities.
    The RIPE NCC complies with this restriction by freezing the registration
    (not the use) of the Internet number resources in the RIPE Database.
    This means that sanctioned entities cannot acquire further resources or
    transfer resources. However, we do not deregister their resources or
    terminate their Standard Service Agreement (SSA) if they are RIPE NCC
    members."
    https://www.ripe.net/membership/member-support/the-ripe-ncc-and-ukraine-russia/

At least the RIPE NCC was transparent in the process and seemingly did only
the absolute minimum to comply (freeze, but not deregister IP address blocks).
An approach that might be befitting for the kernel community / LF as well.

Thanks,

Lukas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ