lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20241025234435.1006312-1-civil.over@gmail.com>
Date: Sat, 26 Oct 2024 01:44:35 +0200
From: Vladimir Smirnov <civil.over@...il.com>
To: mike@...linux.org
Cc: contact@...yourfox.coffee,
	gregkh@...uxfoundation.org,
	james.bottomley@...senpartnership.com,
	linux-kernel@...r.kernel.org,
	torvalds@...ux-foundation.org
Subject: Re: [PATCH] MAINTAINERS: Remove some entries due to various compliance requirements.

A short disclaimer: opinions expressed are solely my own and not those
of my employer (hence I'm writing that from my personal email)

Misha, I know that after our last interaction you probably won't reply,
but I think it is useful for others to do a small fact-checking of your
reply here.

> There's another one: some lame duck's Executive Order 14071.

When you reference some EO - please quote it and give a link.

As if you go and read the document, you'll see that the invesments are
prohibited (and Maintainership is not an investment), approvals of
transactions (and again, not applicable) and that Secretary of the Treasure
have right to ban certain actions, like sales or reexportation. Again -
nothing directly applicable here.

> http://youtu.be/L5Ec5jrpLVk

I guess, that is the source of the "EO 14071" you've referenced, right?

Anyway, I actually would rephrase what I wrote in a different place exactly in
reply to someone bringing that video today:

There are several problems with that video:
1) Misleading title - you can clearly see that not all russian programmers were
banned by briefly checking MAINTAINERS file in its current state.
2) Maybe I don't know something, but Greg and Linus or CoC or Maintainers
handbook never mentions that removing from maintainers = ban. So that was
a mistake in the video.
3) About EO 14071 - I've quickly hinted to you that it is not what the video
says. To prove the point author then picks up an FAQ from OFAC about expanding
sanctions, which is completely different document and then underquote what it
says... If you scroll just a tiny bit further, you would see that FAQ
explicitly exclude opensource. If you don't belive me check for yourself:
https://ofac.treasury.gov/faqs/1185
Or if you don't trust FAQ, look at the original text: 31 CFR Part 587
And no, those are not sanctions that was known and just delayed until 2024,
but that is a minor problem in the video.
4) Video overall over exaggerate what happend. E.x. "Maintainer of CPU
Architecture" - you can easly get few messages back in the thread and
fact-check who was that and confirm that author is not entierly correct.
5) Even by the time video was published, it was easy to verify that the
whole thing related to OFAC SDN lists - it was a public knowledge that
affected people worked for companies on that list and even the wording itself
gives away what exactly that is (Greg's mention of documentation actually
only can mean it is related to relatively easily fixable problem) and later
Linus made it even clearer by saying something in line with "talk to your
company's lawayer" - which also confirms that.


So I would strongly suggest you to actually do a fact-checking of information
you consume and then spread, because if your opinion is based on false
statements, you probably will have disorted perspective on the matter.

> instead of diggin' their own grave as ordered
> by the most real nazis on this planet.

And that is a good example of what I've meant above. You should fact-check
before you call someone a nazi or even hint that, especially if in other cases
you've quoted low quality information (like the video above).

As there is almost 100% chance that if you'd did that - you won't be saying
what you were saying here or on the other thread within this discussion.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ