lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <753d203a-a008-4cd3-b053-38b5ce31281b@app.fastmail.com>
Date: Thu, 24 Oct 2024 16:59:36 +0100
From: "Jiaxun Yang" <jiaxun.yang@...goat.com>
To: "James Bottomley" <James.Bottomley@...senpartnership.com>,
 "Serge Semin" <fancer.lancer@...il.com>, "Jon Mason" <jdmason@...zu.us>,
 "Dave Jiang" <dave.jiang@...el.com>, "Allen Hubbe" <allenbh@...il.com>,
 ntb@...ts.linux.dev, "Andy Shevchenko" <andy@...nel.org>,
 "Andy Shevchenko" <andriy.shevchenko@...ux.intel.com>,
 "Kory Maincent" <kory.maincent@...tlin.com>,
 "Cai Huoqing" <cai.huoqing@...ux.dev>, dmaengine@...r.kernel.org,
 "Mark Brown" <broonie@...nel.org>, linux-spi@...r.kernel.org,
 "Damien Le Moal" <dlemoal@...nel.org>, linux-ide@...r.kernel.org,
 "paulburton@...nel.org" <paulburton@...nel.org>,
 "Thomas Bogendoerfer" <tsbogend@...ha.franken.de>,
 "Arnd Bergmann" <arnd@...db.de>,
 "linux-mips@...r.kernel.org" <linux-mips@...r.kernel.org>,
 "Bjorn Helgaas" <bhelgaas@...gle.com>,
 "Manivannan Sadhasivam" <manivannan.sadhasivam@...aro.org>,
 "Yoshihiro Shimoda" <yoshihiro.shimoda.uh@...esas.com>,
 linux-pci <linux-pci@...r.kernel.org>,
 "David S . Miller" <davem@...emloft.net>,
 "Jakub Kicinski" <kuba@...nel.org>, "Paolo Abeni" <pabeni@...hat.com>,
 "Andrew Lunn" <andrew@...n.ch>, "Russell King" <linux@...linux.org.uk>,
 "Vladimir Oltean" <olteanv@...il.com>,
 "Kelvin Cheung" <keguang.zhang@...il.com>,
 "Yanteng Si" <siyanteng@...ngson.cn>, netdev@...r.kernel.org,
 "Rob Herring" <robh@...nel.org>, "Krzysztof Kozlowski" <krzk@...nel.org>,
 "Guenter Roeck" <linux@...ck-us.net>, linux-hwmon@...r.kernel.org,
 "Borislav Petkov" <bp@...en8.de>, linux-edac@...r.kernel.org,
 "Greg Kroah-Hartman" <gregkh@...uxfoundation.org>,
 linux-serial@...r.kernel.org
Cc: "Andrew Halaney" <ajhalaney@...il.com>, "Nikita Travkin" <nikita@...n.ru>,
 "Ivan Kokshaysky" <ink@...assic.park.msu.ru>,
 "Alexander Shiyan" <shc_work@...l.ru>, "Dmitry Kozlov" <xeb@...l.ru>,
 "Sergey Shtylyov" <s.shtylyov@....ru>,
 "Evgeniy Dushistov" <dushistov@...l.ru>,
 "Geert Uytterhoeven" <geert@...ux-m68k.org>,
 "Sergio Paracuellos" <sergio.paracuellos@...il.com>,
 "Nikita Shubin" <nikita.shubin@...uefel.me>,
 linux-renesas-soc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: linux: Goodbye from a Linux community volunteer



在2024年10月24日十月 下午3:50,James Bottomley写道:
> On Thu, 2024-10-24 at 07:27 +0300, Serge Semin wrote:
>> Hello Linux-kernel community,
[...]

Hi James,

Sorry to chime in here, and thanks for making things clear.

However, I have some questions regarding this statement, please see below:

> Please accept all of our apologies for the way this was handled.  A
> summary of the legal advice the kernel is operating under is

In what capacity this statement was made, i.e, who is "our" here and "we"
below? Are you representing any formal group in this case?

>
>    If your company is on the U.S. OFAC SDN lists, subject to an OFAC
>    sanctions program, or owned/controlled by a company on the list, our
>    ability to collaborate with you will be subject to restrictions, and
>    you cannot be in the MAINTAINERS file.
>
> Anyone who wishes to can query the list here:
>
> https://sanctionssearch.ofac.treas.gov/

I did a quick search and found the following entry:

HUAWEI TECHNOLOGIES CO., LTD. Under CMIC-EO13959 sanction program.

Although it's a Non-SDN sanction, it can still be interpreted as
"subject to an OFAC sanctions program".

How should we handle it?

>
[...]
>
> Again, we're really sorry it's come to this, but all of the Linux
> infrastructure and a lot of its maintainers are in the US and we can't
> ignore the requirements of US law.  We are hoping that this action
> alone will be sufficient to satisfy the US Treasury department in
> charge of sanctions and we won't also have to remove any existing
> patches.

I truly appreciate that someone has finally addressed the underlying issue.
I understand the importance of protecting infrastructure and maintainers from
potential legal threats by ensuring compliance. My intent in asking these
questions is not to place anyone in a difficult position, but simply to gain a
better understanding of the situation, so I can take appropriate action to
keep everyone safe.

Disclaimer: I have no connection to any sanctioned body, and I'm a resident
of UK.

Thanks

>
> Regards,
>
> James Bottomley

-- 
- Jiaxun

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ