Home Linux Kernel Linux Kernel Maintainer Removals: Compliance Requirements Explained

Linux Kernel Maintainer Removals: Compliance Requirements Explained

By sk
850 views

The Linux kernel community has been embroiled in controversy following the removal of several Russian maintainers from the official list. The action, taken due to "various compliance requirements", is linked to sanctions imposed on Russia by the US and other countries.

While the reasoning behind the decision seems clear - to avoid legal repercussions stemming from collaboration with sanctioned entities - the manner in which it was executed and communicated has sparked criticism and discussions about the politicisation of open-source projects.

Delisting of Russian Linux Kernel Maintainers Sparked Debate

The initial announcement of the Russian Kernel maintainer removals, made through a patch by Greg Kroah-Hartman, lacked transparency and provided little information about the specific compliance requirements. This ambiguity fuelled speculation and led to accusations of unfair targeting based on nationality.

Linus Torvalds, the creator of Linux, responded to the criticism by stating that the decision was made based on legal advice and expressed his personal disapproval of Russian aggression, citing his Finnish heritage.

However, Torvalds' remarks, perceived by some as inflammatory and unprofessional, further exacerbated the situation and failed to provide the clarity sought by the community. Some argue that this incident could have been mitigated with a more measured and transparent approach, offering clear guidelines and explanations from the outset.

A Veteran Linux Kernel Developer's Clarification

The subsequent clarification by James Bottomley, a veteran Kernel developer, shed light on the specific compliance requirements, confirming that they stem from the need to comply with US sanctions regulations, particularly the OFAC SDN lists.

This clarification confirms that the maintainer removals were primarily driven by concerns about potential legal ramifications for the Linux Foundation and its maintainers, many of whom reside in the US.

The debate surrounding this incident transcends the immediate issue of maintainer removals. It raises fundamental questions about the impact of international politics on open-source development and the challenges of maintaining neutrality in a globalised world.

The following is what James wrote in the Linux Kernel mailing list:

Please accept all of our apologies for the way this was handled.  A
summary of the legal advice the kernel is operating under is

If your company is on the U.S. OFAC SDN lists, subject to an OFAC
sanctions program, or owned/controlled by a company on the list, our
ability to collaborate with you will be subject to restrictions, and
you cannot be in the MAINTAINERS file.

Anyone who wishes to can query the list here:

https://sanctionssearch.ofac.treas.gov/

In your specific case, the problem is your employer is on that list.
If there's been a mistake and your employer isn't on the list, that's
the documentation Greg is looking for.

I would also like to thank you for all your past contributions and if
you (or anyone else) would like an entry in the credit file, I'm happy
to shepherd it for you if you send me what you'd like.

Again, we're really sorry it's come to this, but all of the Linux
infrastructure and a lot of its maintainers are in the US and we can't
ignore the requirements of US law. We are hoping that this action
alone will be sufficient to satisfy the US Treasury department in
charge of sanctions and we won't also have to remove any existing
patches.

Regards,

James Bottomley

As you can see, James Bottomley's statement is more professional and polite compared to Linus Torvald's initial response. James maintained a calm and respectful tone throughout his communication and his statement is better received by the community.

This shows the importance of clear, empathetic, and respectful communication in navigating sensitive issues, particularly in open-source communities that value collaboration and inclusivity.

Compliance Requirements for Contributing to the Linux Kernel

The compliance requirements refer to the U.S. OFAC SDN lists, which detail companies and individuals subject to U.S. sanctions. These sanctions aim to restrict collaboration and contributions from individuals associated with sanctioned entities.

  • Specifically, the Linux kernel maintainers were advised that anyone whose company is on the U.S. OFAC SDN list, subject to an OFAC sanctions program, or owned/controlled by a company on the list, is subject to restrictions and cannot be listed in the MAINTAINERS file.
  • This is because a significant portion of the Linux infrastructure and many maintainers are based in the US, requiring adherence to US law.
  • The compliance issue doesn't solely apply to the US, as other countries have implemented similar sanctions against Russia.
  • It is not necessarily about nationality but about the association with sanctioned entities.
  • A maintainer whose employer is on the OFAC list would need to provide documentation proving otherwise to regain their position.
  • The legal implications extend to providing services to sanctioned entities, potentially including reviewing patches from individuals working for such entities.
  • Contributors not listed as maintainers can still submit patches, even if their company is sanctioned, as long as these contributions occur in public forums like the LKML mailing lists, according to US exemptions.
  • However, maintainers take on additional legal responsibilities, and the rules for accepting code or providing guidance can be stricter in other countries, potentially requiring consultation with a lawyer.

This compliance situation highlights the interplay between international law, open-source development, and political realities.

Key Takeaways

Here are some key takeaways:

  • The politicisation of open-source: This event exemplifies the increasing entanglement of open-source projects with global political landscapes.
  • The need for clear communication: Transparent and detailed communication is important, especially in sensitive situations involving legal compliance and potential accusations of discrimination.
  • The role of international law: The incident highlights the complexities of navigating international sanctions and the legal implications of engaging with individuals and entities subject to these sanctions.
  • The future of open-source collaboration: The debate raises concerns about the future of international collaboration in open-source projects, particularly in the face of escalating geopolitical tensions.

The removal of Russian Linux Kernel maintainers has stirred up complex questions within the open-source community, forcing a deeper look at how to balance legal obligations with inclusivity and the spirit of open collaboration.

As political and economic tensions grow around the world, this decision is likely to affect open-source development for a long time.

You May Also Like

6 comments

Minessota Klei October 26, 2024 - 9:08 pm

I repeat my opinion from the previous comment:

This is incredibly ignorant! What concrete result does this decision to remove Russian maintainers bring? This only affects the open source community. This decision is completely absurd!

The US does not have the right to sanction the entire world at its own whim! The UN was created for this purpose. It is the UN that has the authority to issue the appropriate resolutions, by means of a vote by all member countries!

Reply
sk October 27, 2024 - 12:30 pm

Linux foundation operates in USA, so they should obey the laws. Yes, it indeed affects the opensource community.

Reply
Ricardo October 27, 2024 - 1:09 am

OK, this is the kind of communication that should have accompanied the patches removing the maintainers in the first place.
Maybe James should start screening Linus’ and Greg’s emails from now on 😊

And let’s hope he’s right and these sanctions only mean that these developers are being removed as maintainers but their contributions won’t be rejected.

Reply
sk October 27, 2024 - 12:28 pm

I wish someone like James should lead the Linux Kernel project. His way of dealing with the community is much better than Linus.

Reply
Onan the Barbarian October 29, 2024 - 7:46 pm

Bottomley’s statement wasn’t just “more professional and polite”. He actually provided the information that people had been asking for. Linus hadn’t provided any information.

Reply
Attila the Hungarian October 31, 2024 - 11:54 pm

Well, I now get what Linus was saying by “trying to grassroot” the issue. You take a perfectly simple and straightforward situation and blow it way out of proportions.

The whole thing is extremely simple, it can be summed up in a few words: “If you or you employer are sanctioned, you can’t contribute. It is the law.”

Simple as that. You can argue for or against Russia or the USA (not much going in favour of either), but you just cannot legally operate when you don’t follow the law, however good or bad you think it is. The REAL question, one you (and the community at large) missed entirely is WHY is the Linux foundation based in the USA and not in some civilised country…

But again, in this specific case, it is hard to disagree with Linus. I live in a country that is heavily affected by war, and we have just witnessed what it means when Russia goes full steam-roller over your already shaky democracy. (Google rigged elections in Georgia for context).

The bottom line is, we can all pretend that it is only software and who care about politics… But the reality of the situation is that the global geopolitical landscape is real, it is all happening right now, it is happening to all of us, and ignoring it will only make things worse for everyone.

Reply

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More