On Thu, 2024-10-24 at 07:27 +0300, Serge Semin wrote:
Hello Linux-kernel community,
I am sure you have already heard the news caused by the recent Greg'
commit 6e90b675cf942e ("MAINTAINERS: Remove some entries due to
various compliance requirements."). As you may have noticed the
change concerned some of the Ru-related developers removal from the
list of the official kernel maintainers, including me.
The community members rightly noted that the quite short commit log
contained very vague terms with no explicit change justification. No
matter how hard I tried to get more details about the reason, alas
the senior maintainer I was discussing the matter with haven't given
an explanation to what compliance requirements that was.
Please accept all of our apologies for the way this was handled. A
summary of the legal advice the kernel is operating under is
If your company is on the U.S. OFAC SDN lists, subject to an OFAC
sanctions program, or owned/controlled by a company on the list, our
ability to collaborate with you will be subject to restrictions, and
you cannot be in the MAINTAINERS file.
In your specific case, the problem is your employer is on that list.
If there's been a mistake and your employer isn't on the list, that's
the documentation Greg is looking for.
I would also like to thank you for all your past contributions and if
you (or anyone else) would like an entry in the credit file, I'm happy
to shepherd it for you if you send me what you'd like.
Again, we're really sorry it's come to this, but all of the Linux
infrastructure and a lot of its maintainers are in the US and we can't
ignore the requirements of US law. We are hoping that this action
alone will be sufficient to satisfy the US Treasury department in
charge of sanctions and we won't also have to remove any existing
patches.
It was an update BTW: Ok, lots of Russian trolls out and about. It's entirely clear why the change was done, it's not getting reverted, and using multiple random anonymous accounts to try to...
It was an update BTW:
Ok, lots of Russian trolls out and about.
It's entirely clear why the change was done, it's not getting reverted, and using multiple random anonymous accounts to try to
"grass root" it by Russian troll factories isn't going to change anything.
And FYI for the actual innocent bystanders who aren't troll farm accounts - the "various compliance requirements" are not just a US
thing.
If you haven't heard of Russian sanctions yet, you should try to read the news some day. And by "news", I don't mean Russian
state-sponsored spam.
As to sending me a revert patch - please use whatever mush you call brains. I'm Finnish. Did you think I'd be supporting Russian
aggression? Apparently it's not just lack of real news, it's lack of history knowledge too.
God this sucks. I get sanctions are needed and they must be applied equally across the board, and that the kernel would be a prime target for exploits and backdoors from state actors, but these...
God this sucks. I get sanctions are needed and they must be applied equally across the board, and that the kernel would be a prime target for exploits and backdoors from state actors, but these guys likely never meant any harm and they just got cut off from maintainership because of the Russian government's actions.
I would be heartbroken if this happened to me honestly, and there's not much to do except accept it. Sad.
Could be worse. You could be a Russian or a Ukrainian soldier who never wanted the war, but now you are spending the rest of your life missing limbs, burned, otherwise mutilated, etc.
Could be worse. You could be a Russian or a Ukrainian soldier who never wanted the war, but now you are spending the rest of your life missing limbs, burned, otherwise mutilated, etc.
There are some paid maintainers, but for the most part these people were contrinbuting in their free time. And honestly it's not that much better for knowledge workers. You can get drafted to die...
There are some paid maintainers, but for the most part these people were contrinbuting in their free time.
And honestly it's not that much better for knowledge workers. You can get drafted to die on the battlefield or build WOMD. You refuse the latter and Putin's in a bad mood, you don't need to worry about mutilation. You just "fall out a window" one day.
The best consolation in misfortune or affliction of any kind will be the thought of other people who are in a still worse plight than yourself; and this is a form of consolation open to every one....
The best consolation in misfortune or affliction of any kind will be the thought of other people who are in a still worse plight than yourself; and this is a form of consolation open to every one. But what an awful fate this means for mankind as a whole!
I mean, I get it. Russia has been behaving pretty poorly as of late. To my knowledge, no other country has been as ballsy on the world stage as Russia. They used a nerve agent to attempt an...
I mean, I get it. Russia has been behaving pretty poorly as of late.
To my knowledge, no other country has been as ballsy on the world stage as Russia. They used a nerve agent to attempt an assassination in England. They are meddling in elections abroad even as I type this.
They certainly aren't above backdooring Linux. In a roundabout way, Russian kernel maintainers and their families may even be safer now than they were before this development.
My only question is why now? I'm assuming the relevant sanctions have been in effect since 2022, so how did these maintainers fly under the radar for this long?
My only question is why now? I'm assuming the relevant sanctions have been in effect since 2022, so how did these maintainers fly under the radar for this long?
The last sentence in Bottomley's email sounds like this may have been a direct ask from a three letter agency (DHS or NSA via Treasury Dept perhaps) I used to work in FinTech and we had to...
The last sentence in Bottomley's email sounds like this may have been a direct ask from a three letter agency (DHS or NSA via Treasury Dept perhaps)
I used to work in FinTech and we had to frequently check to make sure none of our customers or associations were on the OFAC list. We did these checks monthly because the fines were quite high if you were caught. But these were for profit businesses and the wording of the law was pretty clear. Perhaps in the case of the Linux Foundation, they assumed they were exempt because they are non-profit or there was no exchange of money with the Russian maintainers. Or the companies that the maintainers were a part of were recently added to the OFAC list.
Relevant email with more explanation:
So it isn't all Russian contributors, but just ones who's employers are sanctioned?
That's indeed what it looks like. So it really isn't about them being Russian, but the companies they work for.
Well Linus' comment didn't help. Slowly it'll grow to all Russians.
Wait, what comment specifically?
Never mind, wow. Classic linus.
It was an update BTW:
Ok, lots of Russian trolls out and about.
It's entirely clear why the change was done, it's not getting reverted, and using multiple random anonymous accounts to try to
"grass root" it by Russian troll factories isn't going to change anything.
And FYI for the actual innocent bystanders who aren't troll farm accounts - the "various compliance requirements" are not just a US
thing.
If you haven't heard of Russian sanctions yet, you should try to read the news some day. And by "news", I don't mean Russian
state-sponsored spam.
As to sending me a revert patch - please use whatever mush you call brains. I'm Finnish. Did you think I'd be supporting Russian
aggression? Apparently it's not just lack of real news, it's lack of history knowledge too.
God this sucks. I get sanctions are needed and they must be applied equally across the board, and that the kernel would be a prime target for exploits and backdoors from state actors, but these guys likely never meant any harm and they just got cut off from maintainership because of the Russian government's actions.
I would be heartbroken if this happened to me honestly, and there's not much to do except accept it. Sad.
Could be worse. You could be a Russian or a Ukrainian soldier who never wanted the war, but now you are spending the rest of your life missing limbs, burned, otherwise mutilated, etc.
I get what you're saying and you're not wrong - but two bad things can coexist at once.
You can get a new job, you can't get unmutilated for the most part.
There are some paid maintainers, but for the most part these people were contrinbuting in their free time.
And honestly it's not that much better for knowledge workers. You can get drafted to die on the battlefield or build WOMD. You refuse the latter and Putin's in a bad mood, you don't need to worry about mutilation. You just "fall out a window" one day.
The best consolation in misfortune or affliction of any kind will be the thought of other people who are in a still worse plight than yourself; and this is a form of consolation open to every one. But what an awful fate this means for mankind as a whole!
I mean, I get it. Russia has been behaving pretty poorly as of late.
To my knowledge, no other country has been as ballsy on the world stage as Russia. They used a nerve agent to attempt an assassination in England. They are meddling in elections abroad even as I type this.
They certainly aren't above backdooring Linux. In a roundabout way, Russian kernel maintainers and their families may even be safer now than they were before this development.
My only question is why now? I'm assuming the relevant sanctions have been in effect since 2022, so how did these maintainers fly under the radar for this long?
The last sentence in Bottomley's email sounds like this may have been a direct ask from a three letter agency (DHS or NSA via Treasury Dept perhaps)
I used to work in FinTech and we had to frequently check to make sure none of our customers or associations were on the OFAC list. We did these checks monthly because the fines were quite high if you were caught. But these were for profit businesses and the wording of the law was pretty clear. Perhaps in the case of the Linux Foundation, they assumed they were exempt because they are non-profit or there was no exchange of money with the Russian maintainers. Or the companies that the maintainers were a part of were recently added to the OFAC list.
Good.