1 |
On 01/11/2017 06:45 PM, Robin H. Johnson wrote: |
2 |
> TL;DR: Unless a specific "evil" person/organization/entity is trying to |
3 |
> interact with Gentoo AND it's on restricted grounds AND we know they are |
4 |
> bad, we have no large concerns. |
5 |
> |
6 |
> The devil is in the details. |
7 |
> |
8 |
> On Tue, Jan 10, 2017 at 04:39:32PM -0600, Matthew Thode wrote: |
9 |
>> 3. US Embargo. |
10 |
>> |
11 |
>> We are already a US organization, that, in my non-lawyer mind, means |
12 |
>> we already have to deal with this. Just because a developer is a member |
13 |
>> of the project and not directly under the foundation does not mean the |
14 |
>> foundation can ignore US embargo policy. |
15 |
>> |
16 |
>> That said, I don't really think this has been a problem in the past and |
17 |
>> will likely not be a problem in the future. |
18 |
> As the person that has looked into this issue the most, with actual |
19 |
> legal counsel backing my answer, I will provide my definitive answer. |
20 |
> |
21 |
> The research was triggered by a potential developer from a previously |
22 |
> sanctioned country. It was made moot by said person moving to the US. |
23 |
> They did not join us a developer however, citing lack of time after |
24 |
> moving. |
25 |
> |
26 |
> The following definition based on the state of most broad sanctions |
27 |
> being replaced by very targeted sanctions in most cases, against |
28 |
> whatever the US government doesn't want to happen (arms dealers, russian |
29 |
> oil, WMDs etc.) |
30 |
> |
31 |
> The Foundation, as a US entity, |
32 |
> 1. CANNOT _knowingly_ |
33 |
> 1.1 do business with or |
34 |
> 1.2. have as a member |
35 |
> 2. ANY entity |
36 |
> 2.1. corporation, |
37 |
> 2.2. organization |
38 |
> 2.3. individual |
39 |
> 3. Is covered by ANY of the following: |
40 |
> 3.1. US BIS Denied Persons list [1] |
41 |
> 3.2. US Federal Regulations (15)(B)(VII)(C)(744) [2] |
42 |
> 3.3. US Department of State Trade Controls [3][4] |
43 |
> 3.4. US Department of Treasury Specially Designated Nationals [5] |
44 |
> 3.5. US Consolidated Screening List [6] |
45 |
> 4. In certain cases, specific exemptions to the above CAN be applied |
46 |
> for. |
47 |
> |
48 |
> For some background, see [10] |
49 |
> |
50 |
> [1] https://www.bis.doc.gov/index.php/the-denied-persons-list |
51 |
> [2] http://www.ecfr.gov/cgi-bin/retrieveECFR?gp=1&SID=9ae4a21068f2bd41d4a5aee843b63ef1&ty=HTML&h=L&n=15y2.1.3.4.28&r=PART#15:2.1.3.4.28.0.1.23.42 |
52 |
> [3] http://www.pmddtc.state.gov/compliance/debar.html |
53 |
> [4] http://www.pmddtc.state.gov/compliance/debar_admin.html |
54 |
> [5] https://www.treasury.gov/resource-center/sanctions/SDN-List/Pages/default.aspx |
55 |
> [6] http://2016.export.gov/ecr/eg_main_023148.asp |
56 |
> [10] https://www.bis.doc.gov/index.php/policy-guidance/faqs#faq_104 |
57 |
> |
58 |
> |
59 |
|
60 |
So, if I'm reading that correctly, it means that we must selectively |
61 |
offer foundation membership (based on what looks to be nation-of-origin |
62 |
for the most part) rather than defaulting to "yes". In other words, our |
63 |
current practice. Do I have that right? |
64 |
|
65 |
-- |
66 |
Daniel Campbell - Gentoo Developer |
67 |
OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net |
68 |
fpr: AE03 9064 AE00 053C 270C 1DE4 6F7A 9091 1EA0 55D6 |