| 1 |
On 01/11/2017 06:45 PM, Robin H. Johnson wrote: |
| 2 |
> TL;DR: Unless a specific "evil" person/organization/entity is trying to |
| 3 |
> interact with Gentoo AND it's on restricted grounds AND we know they are |
| 4 |
> bad, we have no large concerns. |
| 5 |
> |
| 6 |
> The devil is in the details. |
| 7 |
> |
| 8 |
> On Tue, Jan 10, 2017 at 04:39:32PM -0600, Matthew Thode wrote: |
| 9 |
>> 3. US Embargo. |
| 10 |
>> |
| 11 |
>> We are already a US organization, that, in my non-lawyer mind, means |
| 12 |
>> we already have to deal with this. Just because a developer is a member |
| 13 |
>> of the project and not directly under the foundation does not mean the |
| 14 |
>> foundation can ignore US embargo policy. |
| 15 |
>> |
| 16 |
>> That said, I don't really think this has been a problem in the past and |
| 17 |
>> will likely not be a problem in the future. |
| 18 |
> As the person that has looked into this issue the most, with actual |
| 19 |
> legal counsel backing my answer, I will provide my definitive answer. |
| 20 |
> |
| 21 |
> The research was triggered by a potential developer from a previously |
| 22 |
> sanctioned country. It was made moot by said person moving to the US. |
| 23 |
> They did not join us a developer however, citing lack of time after |
| 24 |
> moving. |
| 25 |
> |
| 26 |
> The following definition based on the state of most broad sanctions |
| 27 |
> being replaced by very targeted sanctions in most cases, against |
| 28 |
> whatever the US government doesn't want to happen (arms dealers, russian |
| 29 |
> oil, WMDs etc.) |
| 30 |
> |
| 31 |
> The Foundation, as a US entity, |
| 32 |
> 1. CANNOT _knowingly_ |
| 33 |
> 1.1 do business with or |
| 34 |
> 1.2. have as a member |
| 35 |
> 2. ANY entity |
| 36 |
> 2.1. corporation, |
| 37 |
> 2.2. organization |
| 38 |
> 2.3. individual |
| 39 |
> 3. Is covered by ANY of the following: |
| 40 |
> 3.1. US BIS Denied Persons list [1] |
| 41 |
> 3.2. US Federal Regulations (15)(B)(VII)(C)(744) [2] |
| 42 |
> 3.3. US Department of State Trade Controls [3][4] |
| 43 |
> 3.4. US Department of Treasury Specially Designated Nationals [5] |
| 44 |
> 3.5. US Consolidated Screening List [6] |
| 45 |
> 4. In certain cases, specific exemptions to the above CAN be applied |
| 46 |
> for. |
| 47 |
> |
| 48 |
> For some background, see [10] |
| 49 |
> |
| 50 |
> [1] https://www.bis.doc.gov/index.php/the-denied-persons-list |
| 51 |
> [2] http://www.ecfr.gov/cgi-bin/retrieveECFR?gp=1&SID=9ae4a21068f2bd41d4a5aee843b63ef1&ty=HTML&h=L&n=15y2.1.3.4.28&r=PART#15:2.1.3.4.28.0.1.23.42 |
| 52 |
> [3] http://www.pmddtc.state.gov/compliance/debar.html |
| 53 |
> [4] http://www.pmddtc.state.gov/compliance/debar_admin.html |
| 54 |
> [5] https://www.treasury.gov/resource-center/sanctions/SDN-List/Pages/default.aspx |
| 55 |
> [6] http://2016.export.gov/ecr/eg_main_023148.asp |
| 56 |
> [10] https://www.bis.doc.gov/index.php/policy-guidance/faqs#faq_104 |
| 57 |
> |
| 58 |
> |
| 59 |
|
| 60 |
So, if I'm reading that correctly, it means that we must selectively |
| 61 |
offer foundation membership (based on what looks to be nation-of-origin |
| 62 |
for the most part) rather than defaulting to "yes". In other words, our |
| 63 |
current practice. Do I have that right? |
| 64 |
|
| 65 |
-- |
| 66 |
Daniel Campbell - Gentoo Developer |
| 67 |
OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net |
| 68 |
fpr: AE03 9064 AE00 053C 270C 1DE4 6F7A 9091 1EA0 55D6 |
Archives