1 |
TL;DR: Unless a specific "evil" person/organization/entity is trying to |
2 |
interact with Gentoo AND it's on restricted grounds AND we know they are |
3 |
bad, we have no large concerns. |
4 |
|
5 |
The devil is in the details. |
6 |
|
7 |
On Tue, Jan 10, 2017 at 04:39:32PM -0600, Matthew Thode wrote: |
8 |
> 3. US Embargo. |
9 |
> |
10 |
> We are already a US organization, that, in my non-lawyer mind, means |
11 |
> we already have to deal with this. Just because a developer is a member |
12 |
> of the project and not directly under the foundation does not mean the |
13 |
> foundation can ignore US embargo policy. |
14 |
> |
15 |
> That said, I don't really think this has been a problem in the past and |
16 |
> will likely not be a problem in the future. |
17 |
As the person that has looked into this issue the most, with actual |
18 |
legal counsel backing my answer, I will provide my definitive answer. |
19 |
|
20 |
The research was triggered by a potential developer from a previously |
21 |
sanctioned country. It was made moot by said person moving to the US. |
22 |
They did not join us a developer however, citing lack of time after |
23 |
moving. |
24 |
|
25 |
The following definition based on the state of most broad sanctions |
26 |
being replaced by very targeted sanctions in most cases, against |
27 |
whatever the US government doesn't want to happen (arms dealers, russian |
28 |
oil, WMDs etc.) |
29 |
|
30 |
The Foundation, as a US entity, |
31 |
1. CANNOT _knowingly_ |
32 |
1.1 do business with or |
33 |
1.2. have as a member |
34 |
2. ANY entity |
35 |
2.1. corporation, |
36 |
2.2. organization |
37 |
2.3. individual |
38 |
3. Is covered by ANY of the following: |
39 |
3.1. US BIS Denied Persons list [1] |
40 |
3.2. US Federal Regulations (15)(B)(VII)(C)(744) [2] |
41 |
3.3. US Department of State Trade Controls [3][4] |
42 |
3.4. US Department of Treasury Specially Designated Nationals [5] |
43 |
3.5. US Consolidated Screening List [6] |
44 |
4. In certain cases, specific exemptions to the above CAN be applied |
45 |
for. |
46 |
|
47 |
For some background, see [10] |
48 |
|
49 |
[1] https://www.bis.doc.gov/index.php/the-denied-persons-list |
50 |
[2] http://www.ecfr.gov/cgi-bin/retrieveECFR?gp=1&SID=9ae4a21068f2bd41d4a5aee843b63ef1&ty=HTML&h=L&n=15y2.1.3.4.28&r=PART#15:2.1.3.4.28.0.1.23.42 |
51 |
[3] http://www.pmddtc.state.gov/compliance/debar.html |
52 |
[4] http://www.pmddtc.state.gov/compliance/debar_admin.html |
53 |
[5] https://www.treasury.gov/resource-center/sanctions/SDN-List/Pages/default.aspx |
54 |
[6] http://2016.export.gov/ecr/eg_main_023148.asp |
55 |
[10] https://www.bis.doc.gov/index.php/policy-guidance/faqs#faq_104 |
56 |
|
57 |
> |
58 |
> 4. Why is the existing model bad? (more info) |
59 |
> |
60 |
> We have two voting pools that can be divergent in their goals. What |
61 |
> would happen if the foundation wanted x and the council wanted !x? |
62 |
> |
63 |
> 5. We should have a BDFL (more or less) |
64 |
> |
65 |
> I don't agree with this personally and it is not the goal of this |
66 |
> proposal to move to that model. |
67 |
> |
68 |
> 6. Liability increase by having all devs be members of the Foundation. |
69 |
> |
70 |
> William summed it up pretty well, 'working on the project makes you |
71 |
> and the project more liable than being a member'. |
72 |
> |
73 |
> 7. Exclusion of the community. |
74 |
> |
75 |
> I don't think this is as much a problem as people think. The |
76 |
> definition of 'developer' changed about a year ago to mean what used to |
77 |
> be 'staff or developer'. So anyone who is what used to be called staff |
78 |
> (which I think people applying to the foundation should probably be |
79 |
> considered) would have representation (through their vote). |
80 |
> |
81 |
> 8. Merging the voting pools. |
82 |
> |
83 |
> The process for this will be better defined in the next version of the |
84 |
> proposal. |
85 |
> |
86 |
> 9. Members of the 'board' having conflicts with their job. |
87 |
> |
88 |
> I'm, not sure about this as it's likely case by case. But I |
89 |
> personally don't see this causing much more issues than what is already |
90 |
> caused by working on an open source project. |
91 |
> |
92 |
> -- |
93 |
> Matthew Thode (prometheanfire) |
94 |
> |
95 |
> |
96 |
> |
97 |
|
98 |
|
99 |
|
100 |
|
101 |
-- |
102 |
Robin Hugh Johnson |
103 |
Gentoo Linux: Dev, Infra Lead, Foundation Trustee & Treasurer |
104 |
E-Mail : robbat2@g.o |
105 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
106 |
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 |