| 1 |
TL;DR: Unless a specific "evil" person/organization/entity is trying to |
| 2 |
interact with Gentoo AND it's on restricted grounds AND we know they are |
| 3 |
bad, we have no large concerns. |
| 4 |
|
| 5 |
The devil is in the details. |
| 6 |
|
| 7 |
On Tue, Jan 10, 2017 at 04:39:32PM -0600, Matthew Thode wrote: |
| 8 |
> 3. US Embargo. |
| 9 |
> |
| 10 |
> We are already a US organization, that, in my non-lawyer mind, means |
| 11 |
> we already have to deal with this. Just because a developer is a member |
| 12 |
> of the project and not directly under the foundation does not mean the |
| 13 |
> foundation can ignore US embargo policy. |
| 14 |
> |
| 15 |
> That said, I don't really think this has been a problem in the past and |
| 16 |
> will likely not be a problem in the future. |
| 17 |
As the person that has looked into this issue the most, with actual |
| 18 |
legal counsel backing my answer, I will provide my definitive answer. |
| 19 |
|
| 20 |
The research was triggered by a potential developer from a previously |
| 21 |
sanctioned country. It was made moot by said person moving to the US. |
| 22 |
They did not join us a developer however, citing lack of time after |
| 23 |
moving. |
| 24 |
|
| 25 |
The following definition based on the state of most broad sanctions |
| 26 |
being replaced by very targeted sanctions in most cases, against |
| 27 |
whatever the US government doesn't want to happen (arms dealers, russian |
| 28 |
oil, WMDs etc.) |
| 29 |
|
| 30 |
The Foundation, as a US entity, |
| 31 |
1. CANNOT _knowingly_ |
| 32 |
1.1 do business with or |
| 33 |
1.2. have as a member |
| 34 |
2. ANY entity |
| 35 |
2.1. corporation, |
| 36 |
2.2. organization |
| 37 |
2.3. individual |
| 38 |
3. Is covered by ANY of the following: |
| 39 |
3.1. US BIS Denied Persons list [1] |
| 40 |
3.2. US Federal Regulations (15)(B)(VII)(C)(744) [2] |
| 41 |
3.3. US Department of State Trade Controls [3][4] |
| 42 |
3.4. US Department of Treasury Specially Designated Nationals [5] |
| 43 |
3.5. US Consolidated Screening List [6] |
| 44 |
4. In certain cases, specific exemptions to the above CAN be applied |
| 45 |
for. |
| 46 |
|
| 47 |
For some background, see [10] |
| 48 |
|
| 49 |
[1] https://www.bis.doc.gov/index.php/the-denied-persons-list |
| 50 |
[2] http://www.ecfr.gov/cgi-bin/retrieveECFR?gp=1&SID=9ae4a21068f2bd41d4a5aee843b63ef1&ty=HTML&h=L&n=15y2.1.3.4.28&r=PART#15:2.1.3.4.28.0.1.23.42 |
| 51 |
[3] http://www.pmddtc.state.gov/compliance/debar.html |
| 52 |
[4] http://www.pmddtc.state.gov/compliance/debar_admin.html |
| 53 |
[5] https://www.treasury.gov/resource-center/sanctions/SDN-List/Pages/default.aspx |
| 54 |
[6] http://2016.export.gov/ecr/eg_main_023148.asp |
| 55 |
[10] https://www.bis.doc.gov/index.php/policy-guidance/faqs#faq_104 |
| 56 |
|
| 57 |
> |
| 58 |
> 4. Why is the existing model bad? (more info) |
| 59 |
> |
| 60 |
> We have two voting pools that can be divergent in their goals. What |
| 61 |
> would happen if the foundation wanted x and the council wanted !x? |
| 62 |
> |
| 63 |
> 5. We should have a BDFL (more or less) |
| 64 |
> |
| 65 |
> I don't agree with this personally and it is not the goal of this |
| 66 |
> proposal to move to that model. |
| 67 |
> |
| 68 |
> 6. Liability increase by having all devs be members of the Foundation. |
| 69 |
> |
| 70 |
> William summed it up pretty well, 'working on the project makes you |
| 71 |
> and the project more liable than being a member'. |
| 72 |
> |
| 73 |
> 7. Exclusion of the community. |
| 74 |
> |
| 75 |
> I don't think this is as much a problem as people think. The |
| 76 |
> definition of 'developer' changed about a year ago to mean what used to |
| 77 |
> be 'staff or developer'. So anyone who is what used to be called staff |
| 78 |
> (which I think people applying to the foundation should probably be |
| 79 |
> considered) would have representation (through their vote). |
| 80 |
> |
| 81 |
> 8. Merging the voting pools. |
| 82 |
> |
| 83 |
> The process for this will be better defined in the next version of the |
| 84 |
> proposal. |
| 85 |
> |
| 86 |
> 9. Members of the 'board' having conflicts with their job. |
| 87 |
> |
| 88 |
> I'm, not sure about this as it's likely case by case. But I |
| 89 |
> personally don't see this causing much more issues than what is already |
| 90 |
> caused by working on an open source project. |
| 91 |
> |
| 92 |
> -- |
| 93 |
> Matthew Thode (prometheanfire) |
| 94 |
> |
| 95 |
> |
| 96 |
> |
| 97 |
|
| 98 |
|
| 99 |
|
| 100 |
|
| 101 |
-- |
| 102 |
Robin Hugh Johnson |
| 103 |
Gentoo Linux: Dev, Infra Lead, Foundation Trustee & Treasurer |
| 104 |
E-Mail : robbat2@g.o |
| 105 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
| 106 |
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 |
Archives