lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <c82d67b1-571e-4b93-8def-b454839a22a3@yahoo.com>
Date: Sat, 26 Oct 2024 14:00:17 +0200
From: Angry Dev <angrydev@...oo.com>
To: James Bottomley <James.Bottomley@...senPartnership.com>,
 geert@...ux-m68k.org
Cc: gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
 patches@...ts.linux.dev
Subject: Re: [PATCH] MAINTAINERS: Remove some entries due to various
 compliance requirements.


>> On Fri, 18 Oct 2024, Greg Kroah-Hartman wrote:
>>> Remove some entries due to various compliance requirements. They
>>> can come back in the future if sufficient documentation is
>>> provided.
>> This is very vague...
> We finally got clearance to publish the actual advice:
>
>     If your company is on the U.S. OFAC SDN lists, subject to an OFAC
>     sanctions program, or owned/controlled by a company on the list, our
>     ability to collaborate with you will be subject to restrictions, and
>     you cannot be in the MAINTAINERS file.
>
>> What are "various compliance requirements"?
>> What does "sufficient documentation" mean?
> The documentation Greg is looking for (which a group of Lawyers at the
> LF will verify) is that someone in the removed list doesn't actually
> work for an OFAC SDN sanctioned entity.
I'm pretty sure those sanction lists existed before LF did this move and
they never played a role up until now. It's necessary, I guess, to remember
that those lists are made by political entities for political reasons. If
it would be all so very clear, I really wonder why it is still possible to
work together for Russians and people/companies from the US on the ISS. I
don't really know, but I strongly guess there are companies invoked which
also work for the military on both sides. As most of you know there are
general elections in the US in a couple of days and it's not completely
unlikely that a very erratic and fickle person will be the next president.
It's also not very unlikely in that case, that those sanction lists get
extended because of "I don't like them: Put Em on the list.". So you are
giving a part of your power to US politicians, something nobody who
submitted code to the linux kernel ever agreed to. You are changing the
rules as you go. It's also important to remember that the linux kernel is
not a (commercial) product of the linux foundation or owned by them. It is
(currently) maintained by people who work for the (US based) linux
foundation and it is actually a problem for/of them and it looks a lot like
they (ab)used their technical power to get rid of it. (which can be seen on
the way it was done - which disrespects all rules of submitting a patch).
And as the cherry on top, everybody who disagrees is called a "Russian
Troll" by the project leader. I'm not - believe it or not: idgas. You
really should check your tone, especially if you run out of arguments. Or
is it you just hiding behind lawyers and want to emphasize your political
stand? I would agree in this particular case but neither your nor my
political stand can speak for a global project like linux. In any case: I'm
done with this project and hope somebody in free country will fork.

>> I can guess, but I think it's better to spell out the rules, as Linux
>> kernel development is done "in the open". I am also afraid this is
>> opening the door for further (ab)use...
> I agree we should have been more transparent about this but I think it
> would be hard for someone other than Greg to get a Maintainer removed
> on the "compliance issue" grounds so it's probably not that open to
> abuse.
>
> Regards,
>
> James
>
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ