some russian nationals excluded from kernel maintenance, presumably due to sanctions.
-
@danderson @ariadne Or rather jejb (not the LF) did: https://lore.kernel.org/netdev/e7d548a[email protected]/
-
Ariadne Conill 🐰:therian:replied to Dave Anderson last edited by
@danderson yeah thats what i figured happened.
-
@vathpela @ariadne My impression is they're just the messenger, similar to gregkh? But you're right, I'm making assumptions about who provided the advice to whom. Their implementation, as far as my lack of legal training goes, seems to be a reasonable match to the obligations of US-based entities, unfortunate as they may be.
-
gaytabasereplied to Ariadne Conill 🐰:therian: last edited by
@ariadne yeah he did kinda lose his mind in a way that worries the fuck out of me.
hopefully things will become more clear when the legal advice is published but shitting hell linus, grow up and apologise.
-
Ariadne Conill 🐰:therian:replied to gaytabase last edited by
@dysfun idk he was being spammed with shit, as has been seen with other russian intelligence campaigns. i think it's understandable.
i also think that working for a company on the US SDN sanctions list (which is probably ~equivalent to the EU one) being a disqualifier for linux kernel maintenance also makes sense in the current geopolitical climate
-
Graham Sutherland / Polynomialreplied to Ariadne Conill 🐰:therian: last edited by
@ariadne @danderson one of the devs who was booted said that they attempted to get reinstated since they hadn't worked at the sanctioned org for over a year (the org doesn't even exist any more, it went bankrupt) and was doing all contribs voluntarily, and was told "sorry, nope, can't help ya", so I'm still confused about the whole thing.
-
gaytabasereplied to Ariadne Conill 🐰:therian: last edited by
@ariadne it comes across as "if you criticise me you are a russian agent", and uh, no.
and i'm not rushing to any judgment about that because we still don't actually know what the situation is because they haven't actually published the legal advice.
i saw ted t'so suggesting that they can still actually contribute, in fact.
-
Ariadne Conill 🐰:therian:replied to Graham Sutherland / Polynomial last edited by
@gsuberland @danderson did he provide tangible documentation that he was no longer working for a company on the SDN list?
-
Ariadne Conill 🐰:therian:replied to gaytabase last edited by
@dysfun i don't really take ted t'so as someone who is particularly authoritative when it comes to the kernel anymore
-
atom :neofox_googly:replied to Ariadne Conill 🐰:therian: last edited by
@[email protected] i don't think sanctions apply to open source software
-
Ariadne Conill 🐰:therian:replied to atom :neofox_googly: last edited by
@atom cool, go become a politician and bugfix the law then
-
gaytabasereplied to Ariadne Conill 🐰:therian: last edited by
@ariadne me neither, but he received that legal advice too, and that's basically the most info we've got and it's the only reason i'm not more annoyed at linus.
-
Dave Andersonreplied to Graham Sutherland / Polynomial last edited by
@gsuberland @ariadne If we're thinking about the same subthread, I saw an appeal to other kernel maintainers, rather than LF lawyers, and without providing evidence that would make a compliance specialist go "yup, I feel confident we're not transacting with an SDN". If that is what happened, I'm not surprised the maintainers declined to debate.
(also that entity was baikal, one of the turbo-sanctioned ones where the burden of proof is going to be higher than a promise by email)
-
Graham Sutherland / Polynomialreplied to Dave Anderson last edited by
@danderson @ariadne fair. I probably need to read the law on this front to figure out what the heck is going on. I'm primarily familiar with it where "transacting" means financial instruments are changing hands, but I'm guessing there are some specifics around voluntary services that apply here.
-
Dave Andersonreplied to Graham Sutherland / Polynomial last edited by
@gsuberland @ariadne Again not a lawyer I just happened to be near similar conversations recently in other contexts. OFAC takes an incredibly broad view of words like "transact", and also doesn't give much clarifying guidance unless you specifically ask (which is $$$ and makes OFAC pay attention to you, both undesirable things generally). A lot of compliance lawyer billable hours goes into defining precisely what you are/do/sell/make, and how that intersects with rules/precedents/vibes.
-
Ariadne Conill 🐰:therian:replied to Dave Anderson last edited by
@danderson @gsuberland i suspect it goes something like this: collaboration in open source = "technology transfer"
-
@gsuberland @ariadne It also means there's generally multiple tiers of policy you can have: the cheap option is ban everyone and be sad. The most expensive option is seeking explicit permission to transact with SDNs in your particular context. In the middle is trying to get clarity on what the intent of the sanction is and whether you can find a safe way to claim they don't apply to your activities.
Whoever gave the kernel advice seems to be going with the middle option so far.
-
@gsuberland @ariadne As evidenced by the fact they didn't ban all russian maintainers, only those where there is some evidence to show they work for/are involved with entities that are on the turbo-very-sanction list where the guidance is pretty explicit.
-
@gsuberland @ariadne Similarly people in the thread brought up Huawei as a kind of gotcha, and the response was that yeah actually Huawei has some additional guidance attached that as long as everything is happening in a public space in the open, then it's Mostly Fine with some asterisks. But whatever rules and rulings led to that outcome don't appear to apply to the russian entities that were at issue here.
-
Graham Sutherland / Polynomialreplied to Ariadne Conill 🐰:therian: last edited by
@ariadne @danderson that would make sense