| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241025234435.1006312-1-civil.over@gmail.com> Date: Sat, 26 Oct 2024 01:44:35 +0200 From: Vladimir Smirnov <civil.over@...il.com> To: mike@...linux.org Cc: contact@...yourfox.coffee, gregkh@...uxfoundation.org, james.bottomley@...senpartnership.com, linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org Subject: Re: [PATCH] MAINTAINERS: Remove some entries due to various compliance requirements. A short disclaimer: opinions expressed are solely my own and not those of my employer (hence I'm writing that from my personal email) Misha, I know that after our last interaction you probably won't reply, but I think it is useful for others to do a small fact-checking of your reply here. > There's another one: some lame duck's Executive Order 14071. When you reference some EO - please quote it and give a link. As if you go and read the document, you'll see that the invesments are prohibited (and Maintainership is not an investment), approvals of transactions (and again, not applicable) and that Secretary of the Treasure have right to ban certain actions, like sales or reexportation. Again - nothing directly applicable here. > http://youtu.be/L5Ec5jrpLVk I guess, that is the source of the "EO 14071" you've referenced, right? Anyway, I actually would rephrase what I wrote in a different place exactly in reply to someone bringing that video today: There are several problems with that video: 1) Misleading title - you can clearly see that not all russian programmers were banned by briefly checking MAINTAINERS file in its current state. 2) Maybe I don't know something, but Greg and Linus or CoC or Maintainers handbook never mentions that removing from maintainers = ban. So that was a mistake in the video. 3) About EO 14071 - I've quickly hinted to you that it is not what the video says. To prove the point author then picks up an FAQ from OFAC about expanding sanctions, which is completely different document and then underquote what it says... If you scroll just a tiny bit further, you would see that FAQ explicitly exclude opensource. If you don't belive me check for yourself: https://ofac.treasury.gov/faqs/1185 Or if you don't trust FAQ, look at the original text: 31 CFR Part 587 And no, those are not sanctions that was known and just delayed until 2024, but that is a minor problem in the video. 4) Video overall over exaggerate what happend. E.x. "Maintainer of CPU Architecture" - you can easly get few messages back in the thread and fact-check who was that and confirm that author is not entierly correct. 5) Even by the time video was published, it was easy to verify that the whole thing related to OFAC SDN lists - it was a public knowledge that affected people worked for companies on that list and even the wording itself gives away what exactly that is (Greg's mention of documentation actually only can mean it is related to relatively easily fixable problem) and later Linus made it even clearer by saying something in line with "talk to your company's lawayer" - which also confirms that. So I would strongly suggest you to actually do a fact-checking of information you consume and then spread, because if your opinion is based on false statements, you probably will have disorted perspective on the matter. > instead of diggin' their own grave as ordered > by the most real nazis on this planet. And that is a good example of what I've meant above. You should fact-check before you call someone a nazi or even hint that, especially if in other cases you've quoted low quality information (like the video above). As there is almost 100% chance that if you'd did that - you won't be saying what you were saying here or on the other thread within this discussion.
Powered by blists - more mailing lists