Dear Mediawiki maintainers:
In light of recent discussions within the Linux kernel community regarding compliance with U.S. sanctions laws, particularly the removal of Russian contributors from the MAINTAINERS file,[1][2] how are you ensuring compliance with the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) regulations in your GPL-licensed projects?[3] Specifically:
A. What measures are in place to screen contributors against OFAC's Specially Designated Nationals (SDN) list?
B. How do you handle contributions from individuals or entities located in countries subject to US embargos?
C. Have you assessed potential risks associated with sanctioned parties?
D. What steps are taken to educate and train maintainers and contributors about OFAC sanctions and compliance requirements?
The underlying issue is that the GPL, unlike most other open source licences, has been considered a contract in U.S. courts (e.g., Artifex Software, Inc. v. Hancom, Inc. in 2017; Software Freedom Conservancy, Inc. v. Vizio, Inc. in 2021) which means individuals who work for certain designated companies in U.S.-sanctioned or embargoed countries are forbidden from providing their copyrighted contributions to software licensed under the GPL.[4] Other organizations go further to avoid compliance issues -- for example Google Summer of Code forbids any participation by people "ordinarily resident" in any US embargoed country.[5] Understanding your approach to these issues would be invaluable for the broader open-source community in maintaining compliance and upholding the integrity of all GPL-licensed projects.
[1] https://www.phoronix.com/news/Linux-Compliance-Requirements
[2] https://lore.kernel.org/lkml/e7d548a7fc835f9f3c9cb2e5ed97dfdfa164813f.camel@...
[3] https://ofac.treasury.gov/faqs/all-faqs
[4] https://arstechnica.com/information-technology/2024/10/russian-coders-remove...
[5] https://developers.google.com/open-source/gsoc/faq
Thank you for your attention to these questions.
For personal and safety reasons, I request anonymity on this topic and prefer that replies be shared with the list rather than sent to me directly.