| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c82d67b1-571e-4b93-8def-b454839a22a3@yahoo.com> Date: Sat, 26 Oct 2024 14:00:17 +0200 From: Angry Dev <angrydev@...oo.com> To: James Bottomley <James.Bottomley@...senPartnership.com>, geert@...ux-m68k.org Cc: gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org, patches@...ts.linux.dev Subject: Re: [PATCH] MAINTAINERS: Remove some entries due to various compliance requirements. >> On Fri, 18 Oct 2024, Greg Kroah-Hartman wrote: >>> Remove some entries due to various compliance requirements. They >>> can come back in the future if sufficient documentation is >>> provided. >> This is very vague... > We finally got clearance to publish the actual advice: > > If your company is on the U.S. OFAC SDN lists, subject to an OFAC > sanctions program, or owned/controlled by a company on the list, our > ability to collaborate with you will be subject to restrictions, and > you cannot be in the MAINTAINERS file. > >> What are "various compliance requirements"? >> What does "sufficient documentation" mean? > The documentation Greg is looking for (which a group of Lawyers at the > LF will verify) is that someone in the removed list doesn't actually > work for an OFAC SDN sanctioned entity. I'm pretty sure those sanction lists existed before LF did this move and they never played a role up until now. It's necessary, I guess, to remember that those lists are made by political entities for political reasons. If it would be all so very clear, I really wonder why it is still possible to work together for Russians and people/companies from the US on the ISS. I don't really know, but I strongly guess there are companies invoked which also work for the military on both sides. As most of you know there are general elections in the US in a couple of days and it's not completely unlikely that a very erratic and fickle person will be the next president. It's also not very unlikely in that case, that those sanction lists get extended because of "I don't like them: Put Em on the list.". So you are giving a part of your power to US politicians, something nobody who submitted code to the linux kernel ever agreed to. You are changing the rules as you go. It's also important to remember that the linux kernel is not a (commercial) product of the linux foundation or owned by them. It is (currently) maintained by people who work for the (US based) linux foundation and it is actually a problem for/of them and it looks a lot like they (ab)used their technical power to get rid of it. (which can be seen on the way it was done - which disrespects all rules of submitting a patch). And as the cherry on top, everybody who disagrees is called a "Russian Troll" by the project leader. I'm not - believe it or not: idgas. You really should check your tone, especially if you run out of arguments. Or is it you just hiding behind lawyers and want to emphasize your political stand? I would agree in this particular case but neither your nor my political stand can speak for a global project like linux. In any case: I'm done with this project and hope somebody in free country will fork. >> I can guess, but I think it's better to spell out the rules, as Linux >> kernel development is done "in the open". I am also afraid this is >> opening the door for further (ab)use... > I agree we should have been more transparent about this but I think it > would be hard for someone other than Greg to get a Maintainer removed > on the "compliance issue" grounds so it's probably not that open to > abuse. > > Regards, > > James > > >
Powered by blists - more mailing lists