some russian nationals excluded from kernel maintenance, presumably due to sanctions.
-
Dave Andersonreplied to Ariadne Conill 🐰:therian: last edited by
@ariadne Somewhere deeper in the thread LF gets specific: they removed maintainers employed by companies that are on the OFAC sanctioned entities list. They can be reinstated if they provide evidence of not being SDNs or employed by SDNs.
And yeah, having Linus take the lead on PR for difficult topics is always a wild ride
-
Krutoniumreplied to Ariadne Conill 🐰:therian: last edited by
@ariadne It has since been confirmed that it is due to Sanctions; The Linux Foundation is a US Entity and must obey the law, basically.
And yeah, his reaction is a bit over the top, I'd be there's more to it than we've seen.
-
@danderson @ariadne Or rather jejb (not the LF) did: https://lore.kernel.org/netdev/e7d548a[email protected]/
-
Ariadne Conill 🐰:therian:replied to Dave Anderson last edited by
@danderson yeah thats what i figured happened.
-
@vathpela @ariadne My impression is they're just the messenger, similar to gregkh? But you're right, I'm making assumptions about who provided the advice to whom. Their implementation, as far as my lack of legal training goes, seems to be a reasonable match to the obligations of US-based entities, unfortunate as they may be.
-
gaytabasereplied to Ariadne Conill 🐰:therian: last edited by
@ariadne yeah he did kinda lose his mind in a way that worries the fuck out of me.
hopefully things will become more clear when the legal advice is published but shitting hell linus, grow up and apologise.
-
Ariadne Conill 🐰:therian:replied to gaytabase last edited by
@dysfun idk he was being spammed with shit, as has been seen with other russian intelligence campaigns. i think it's understandable.
i also think that working for a company on the US SDN sanctions list (which is probably ~equivalent to the EU one) being a disqualifier for linux kernel maintenance also makes sense in the current geopolitical climate
-
Graham Sutherland / Polynomialreplied to Ariadne Conill 🐰:therian: last edited by
@ariadne @danderson one of the devs who was booted said that they attempted to get reinstated since they hadn't worked at the sanctioned org for over a year (the org doesn't even exist any more, it went bankrupt) and was doing all contribs voluntarily, and was told "sorry, nope, can't help ya", so I'm still confused about the whole thing.
-
gaytabasereplied to Ariadne Conill 🐰:therian: last edited by
@ariadne it comes across as "if you criticise me you are a russian agent", and uh, no.
and i'm not rushing to any judgment about that because we still don't actually know what the situation is because they haven't actually published the legal advice.
i saw ted t'so suggesting that they can still actually contribute, in fact.
-
Ariadne Conill 🐰:therian:replied to Graham Sutherland / Polynomial last edited by
@gsuberland @danderson did he provide tangible documentation that he was no longer working for a company on the SDN list?
-
Ariadne Conill 🐰:therian:replied to gaytabase last edited by
@dysfun i don't really take ted t'so as someone who is particularly authoritative when it comes to the kernel anymore
-
atom :neofox_googly:replied to Ariadne Conill 🐰:therian: last edited by
@[email protected] i don't think sanctions apply to open source software
-
Ariadne Conill 🐰:therian:replied to atom :neofox_googly: last edited by
@atom cool, go become a politician and bugfix the law then
-
gaytabasereplied to Ariadne Conill 🐰:therian: last edited by
@ariadne me neither, but he received that legal advice too, and that's basically the most info we've got and it's the only reason i'm not more annoyed at linus.
-
Dave Andersonreplied to Graham Sutherland / Polynomial last edited by
@gsuberland @ariadne If we're thinking about the same subthread, I saw an appeal to other kernel maintainers, rather than LF lawyers, and without providing evidence that would make a compliance specialist go "yup, I feel confident we're not transacting with an SDN". If that is what happened, I'm not surprised the maintainers declined to debate.
(also that entity was baikal, one of the turbo-sanctioned ones where the burden of proof is going to be higher than a promise by email)
-
Graham Sutherland / Polynomialreplied to Dave Anderson last edited by
@danderson @ariadne fair. I probably need to read the law on this front to figure out what the heck is going on. I'm primarily familiar with it where "transacting" means financial instruments are changing hands, but I'm guessing there are some specifics around voluntary services that apply here.
-
Dave Andersonreplied to Graham Sutherland / Polynomial last edited by
@gsuberland @ariadne Again not a lawyer I just happened to be near similar conversations recently in other contexts. OFAC takes an incredibly broad view of words like "transact", and also doesn't give much clarifying guidance unless you specifically ask (which is $$$ and makes OFAC pay attention to you, both undesirable things generally). A lot of compliance lawyer billable hours goes into defining precisely what you are/do/sell/make, and how that intersects with rules/precedents/vibes.
-
Ariadne Conill 🐰:therian:replied to Dave Anderson last edited by
@danderson @gsuberland i suspect it goes something like this: collaboration in open source = "technology transfer"
-
@gsuberland @ariadne It also means there's generally multiple tiers of policy you can have: the cheap option is ban everyone and be sad. The most expensive option is seeking explicit permission to transact with SDNs in your particular context. In the middle is trying to get clarity on what the intent of the sanction is and whether you can find a safe way to claim they don't apply to your activities.
Whoever gave the kernel advice seems to be going with the middle option so far.
-
@gsuberland @ariadne As evidenced by the fact they didn't ban all russian maintainers, only those where there is some evidence to show they work for/are involved with entities that are on the turbo-very-sanction list where the guidance is pretty explicit.