some russian nationals excluded from kernel maintenance, presumably due to sanctions.
-
atom replied to Ariadne Conill 🐰:therian:
@[email protected] i don't think sanctions apply to open source software
-
Ariadne Conill 🐰:therian: replied to atom
@atom cool, go become a politician and bugfix the law then
-
gaytabase replied to Ariadne Conill 🐰:therian:
@ariadne me neither, but he received that legal advice too, and that's basically the most info we've got and it's the only reason i'm not more annoyed at linus.
-
Dave Anderson replied to Graham Sutherland / Polynomial
@gsuberland @ariadne If we're thinking about the same subthread, I saw an appeal to other kernel maintainers, rather than LF lawyers, and without providing evidence that would make a compliance specialist go "yup, I feel confident we're not transacting with an SDN". If that is what happened, I'm not surprised the maintainers declined to debate.
(also that entity was baikal, one of the turbo-sanctioned ones where the burden of proof is going to be higher than a promise by email)
-
Graham Sutherland / Polynomial replied to Dave Anderson
@danderson @ariadne fair. I probably need to read the law on this front to figure out what the heck is going on. I'm primarily familiar with it where "transacting" means financial instruments are changing hands, but I'm guessing there are some specifics around voluntary services that apply here.
-
Dave Anderson replied to Graham Sutherland / Polynomial
@gsuberland @ariadne Again not a lawyer I just happened to be near similar conversations recently in other contexts. OFAC takes an incredibly broad view of words like "transact", and also doesn't give much clarifying guidance unless you specifically ask (which is $$$ and makes OFAC pay attention to you, both undesirable things generally). A lot of compliance lawyer billable hours goes into defining precisely what you are/do/sell/make, and how that intersects with rules/precedents/vibes.
-
Ariadne Conill 🐰:therian: replied to Dave Anderson
@danderson @gsuberland i suspect it goes something like this: collaboration in open source = "technology transfer"
-
@gsuberland @ariadne It also means there's generally multiple tiers of policy you can have: the cheap option is ban everyone and be sad. The most expensive option is seeking explicit permission to transact with SDNs in your particular context. In the middle is trying to get clarity on what the intent of the sanction is and whether you can find a safe way to claim they don't apply to your activities.
Whoever gave the kernel advice seems to be going with the middle option so far.
-
@gsuberland @ariadne As evidenced by the fact they didn't ban all russian maintainers, only those where there is some evidence to show they work for/are involved with entities that are on the turbo-very-sanction list where the guidance is pretty explicit.
-
@gsuberland @ariadne Similarly people in the thread brought up Huawei as a kind of gotcha, and the response was that yeah actually Huawei has some additional guidance attached that as long as everything is happening in a public space in the open, then it's Mostly Fine with some asterisks. But whatever rules and rulings led to that outcome don't appear to apply to the russian entities that were at issue here.
-
Graham Sutherland / Polynomial replied to Ariadne Conill 🐰:therian:
@ariadne @danderson that would make sense
-
gaytabase replied to Graham Sutherland / Polynomial
@gsuberland @ariadne @danderson ted ts'o (who received that legal advice too) has hinted that there might be a workaround whereby they can still submit patches provided it's done in an open venue like the lkml
-
Graham Sutherland / Polynomial replied to Dave Anderson
@danderson @ariadne yeah, all of this makes sense. I've done sanctions training and KYC stuff so I'm generally familiar with the law as far as the UK is concerned, just didn't get into the nitty gritty of the less common types of transacting and what the blast radius is for post-involvement / post-employment at a sanctioned org. complicated stuff! hopefully the actual proper legal advice will come out and clarify a lot of stuff. honestly the biggest fail has just been the communication.
-
@dysfun @gsuberland @ariadne I believe that was in the context of Huawei specifically, which is also subject to some trade restrictions but in a different scope. For the Russian entities like Baikal, I believe I saw that the only remedy is "provide evidence that you're not involved with the sanctioned entities we think you're involved with".
-
Dave Anderson replied to Graham Sutherland / Polynomial
@gsuberland @ariadne Yeah part of the problem is the overlapping jurisdictions, sanctions regimes and conflicting opinions make trade compliance an absolute nosebleed to comply with, and frankly unless it's trade compliance lawyers talking to other trade compliance lawyers, the conversations tend to go nowhere because there's so many nuances and complexities. And also no algorithmic guidance so different people can legitimately reach different conclusions given the same input, in many cases.
-
Graham Sutherland / Polynomial replied to Graham Sutherland / Polynomial
@danderson @ariadne "we have received legal advice that these maintainers must be immediately removed. this decision was not taken lightly; this is a matter relating to compliance with OFAC sanctions. this is a unique situation for the Linux kernel project and we will need time to traverse it carefully. we will be publishing the details of the legal advice in the coming weeks, once we have had time to fully review the situation, but cannot discuss it in further detail at this time."
-
Graham Sutherland / Polynomial replied to Graham Sutherland / Polynomial
@danderson @ariadne that's all they needed to say. maybe a sentence about there being no established appeals process at the current time but legal is being consulted on the requirements and procedures (I ran out of space). and folks would be far more informed, and far less riled up. but ofc it had to be a flailing mess of a situation.
-
Ariadne Conill 🐰:therian: replied to Graham Sutherland / Polynomial
@gsuberland @danderson the problem is that you don't want to be perceived as willingly acknowledging that you are in violation of an OFAC sanction, there is no way that ends well
-
Graham Sutherland / Polynomial replied to Ariadne Conill 🐰:therian:
@ariadne @danderson naturally you get legal to OK the statement, I'm just roughly framing out the kind of thing an adult would write.
-
Graham Sutherland / Polynomial replied to Graham Sutherland / Polynomial
@ariadne @danderson and if it's a case of not having a legal-approved statement ready but needing to do it right-frickin-now, you do it and say nothing (or "we have no statement at this time") and keep quiet until legal says ok.