lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6beb4070-1946-4387-bd0e-34608a76b19e@typeblog.net>
Date: Thu, 24 Oct 2024 12:30:59 -0400
From: Peter Cai <peter@...eblog.net>
To: James Bottomley <James.Bottomley@...senPartnership.com>,
 Serge Semin <fancer.lancer@...il.com>, Jon Mason <jdmason@...zu.us>,
 Dave Jiang <dave.jiang@...el.com>, Allen Hubbe <allenbh@...il.com>,
 ntb@...ts.linux.dev, Andy Shevchenko <andy@...nel.org>,
 Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
 Kory Maincent <kory.maincent@...tlin.com>,
 Cai Huoqing <cai.huoqing@...ux.dev>, dmaengine@...r.kernel.org,
 Mark Brown <broonie@...nel.org>, linux-spi@...r.kernel.org,
 Damien Le Moal <dlemoal@...nel.org>, linux-ide@...r.kernel.org,
 Paul Burton <paulburton@...nel.org>,
 Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
 Arnd Bergmann <arnd@...db.de>, Jiaxun Yang <jiaxun.yang@...goat.com>,
 linux-mips@...r.kernel.org, Bjorn Helgaas <bhelgaas@...gle.com>,
 Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org>,
 Yoshihiro Shimoda <yoshihiro.shimoda.uh@...esas.com>,
 linux-pci@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
 Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
 Andrew Lunn <andrew@...n.ch>, Russell King <linux@...linux.org.uk>,
 Vladimir Oltean <olteanv@...il.com>, Keguang Zhang
 <keguang.zhang@...il.com>, Yanteng Si <siyanteng@...ngson.cn>,
 netdev@...r.kernel.org, Rob Herring <robh@...nel.org>,
 Krzysztof Kozlowski <krzk@...nel.org>, Guenter Roeck <linux@...ck-us.net>,
 linux-hwmon@...r.kernel.org, Borislav Petkov <bp@...en8.de>,
 linux-edac@...r.kernel.org, Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
 linux-serial@...r.kernel.org
Cc: Andrew Halaney <ajhalaney@...il.com>, Nikita Travkin <nikita@...n.ru>,
 Ivan Kokshaysky <ink@...assic.park.msu.ru>,
 Alexander Shiyan <shc_work@...l.ru>, Dmitry Kozlov <xeb@...l.ru>,
 Sergey Shtylyov <s.shtylyov@....ru>, Evgeniy Dushistov <dushistov@...l.ru>,
 Geert Uytterhoeven <geert@...ux-m68k.org>,
 Sergio Paracuellos <sergio.paracuellos@...il.com>,
 Nikita Shubin <nikita.shubin@...uefel.me>,
 linux-renesas-soc@...r.kernel.org, linux-kernel@...r.kernel.org,
 Kexy Biscuit <kexybiscuit@...c.io>, jeffbai@...c.io,
 Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: linux: Goodbye from a Linux community volunteer

Hi James,

Thanks for your clarification. This sort of non-provocative 
clarifications of the regulations you need to comply to has always been 
what the community wants to see. _This_ should have been the first 
official statement when anyone raised the concern, instead of Greg's 
attempt to "defuse" the situation over private correspondence, or Linus 
Torvald's outright defamation and accusing anyone who dares to disagree 
of being a "Russian troll". This is not even to mention the _complete 
ignorance_ and arrogance shown by his statement on what sending a revert 
patch means.

With sanctions in place, there is no reasonable person who will demand 
the LF or the Linux Kernel maintainers to do otherwise. However, as 
someone who does rely on Linux for daily work, and as someone who has 
contributed to the Linux project and its community, I think seeing the 
following should be the minimum:

1. Linus Torvalds (+Cc) send an apology letter to **everyone** who he 
accused of being a Russian troll;
2. Linus Torvalds need to **unconditionally retract** his personal 
attack on Kexy Biscuit, the person who sent the revert patch in protest 
(+Cc), and acknowledge that people who work with AOSC.io aren't 
"state-sponsored paid actors";
3. This type of statement should be included somewhere public as soon as 
practically possible should sanction compliance affect kernel 
development again in the future;
4. No personal attacks should be allowed based on tinfoil-hat reasoning.

Thanks,
Peter.

On 10/24/24 10:50 AM, James Bottomley wrote:
> On Thu, 2024-10-24 at 07:27 +0300, Serge Semin wrote:
>> Hello Linux-kernel community,
>>
>> I am sure you have already heard the news caused by the recent Greg'
>> commit 6e90b675cf942e ("MAINTAINERS: Remove some entries due to
>> various compliance requirements."). As you may have noticed the
>> change concerned some of the Ru-related developers removal from the
>> list of the official kernel maintainers, including me.
>>
>> The community members rightly noted that the _quite_ short commit log
>> contained very vague terms with no explicit change justification. No
>> matter how hard I tried to get more details about the reason, alas
>> the senior maintainer I was discussing the matter with haven't given
>> an explanation to what compliance requirements that was.
> 
> Please accept all of our apologies for the way this was handled.  A
> summary of the legal advice the kernel is operating under is
> 
>     If your company is on the U.S. OFAC SDN lists, subject to an OFAC
>     sanctions program, or owned/controlled by a company on the list, our
>     ability to collaborate with you will be subject to restrictions, and
>     you cannot be in the MAINTAINERS file.
> 
> Anyone who wishes to can query the list here:
> 
> https://sanctionssearch.ofac.treas.gov/
> 
> In your specific case, the problem is your employer is on that list.
> If there's been a mistake and your employer isn't on the list, that's
> the documentation Greg is looking for.
> 
> I would also like to thank you for all your past contributions and if
> you (or anyone else) would like an entry in the credit file, I'm happy
> to shepherd it for you if you send me what you'd like.
> 
> Again, we're really sorry it's come to this, but all of the Linux
> infrastructure and a lot of its maintainers are in the US and we can't
> ignore the requirements of US law.  We are hoping that this action
> alone will be sufficient to satisfy the US Treasury department in
> charge of sanctions and we won't also have to remove any existing
> patches.
> 
> Regards,
> 
> James Bottomley
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ