Dear MediaWiki maintainers:
In light of recent discussions within the Linux kernel community regarding compliance with U.S. sanctions laws, particularly the removal of Russian contributors from the MAINTAINERS file,[1][2] how are you ensuring compliance with the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) regulations in your GPL-licensed projects?[3] Specifically:
A. What measures are in place to screen contributors against OFAC's Specially Designated Nationals (SDN) list?
B. How do you handle contributions from individuals or entities located in countries subject to US embargos?
C. Have you assessed potential risks associated with sanctioned parties?
D. What steps are taken to educate and train maintainers and contributors about OFAC sanctions and compliance requirements?
The underlying issue is that the GPL, unlike most other open source licences, has been considered a contract in U.S. courts (e.g., Artifex Software, Inc. v. Hancom, Inc. in 2017; Software Freedom Conservancy, Inc. v. Vizio, Inc. in 2021) which means individuals who work for certain designated companies in U.S.-sanctioned or embargoed countries are forbidden from providing their copyrighted contributions to software licensed under the GPL.[4] Other organizations go further to avoid compliance issues -- for example Google Summer of Code forbids any participation by people "ordinarily resident" in any US embargoed country.[5] Understanding your approach to these issues would be invaluable for the broader open-source community in maintaining compliance and upholding the integrity of all GPL-licensed projects.
[1] https://www.phoronix.com/news/Linux-Compliance-Requirements
[2] https://lore.kernel.org/lkml/e7d548a7fc835f9f3c9cb2e5ed97dfdfa164813f.camel@...
[3] https://ofac.treasury.gov/faqs/all-faqs
[4] https://arstechnica.com/information-technology/2024/10/russian-coders-remove...
[5] https://developers.google.com/open-source/gsoc/faq
Thank you for your attention to these questions.
For personal and safety reasons, I request anonymity on this topic and prefer that replies be shared with the list rather than sent to me directly.
I don't think this type of talk is appropriate for the list. If the concern is liability of WMF, well then WMF lawyers will take whatever action is necessary. If your concern is about your liability as a user of MediaWiki software, you should hire your own lawyers.
Unless WMF lawyers say we need to do something to comply with local laws, we'll continue on carrying on as we always have. That is: MediaWiki is an international project. We don't discriminate based on nationality, ethnicity, etc of any contributors or require that they disclose their nationality to us. We don't hold individual contributors responsible for the sins of their government.
[Obviously, I am just a random person, speaking just on behalf of myself. This is not an official statement in any way] -- Brian
On Fri, Nov 1, 2024 at 4:48 PM Anonymous Account anonacct934@gmail.com wrote:
On 2024-11-02 (Sat) 09:05:53+09:00, bawolff <bawolff+wn@gmail.com> wrote:
> Unless WMF lawyers say we need to do something to comply with local laws, we'll continue on carrying on as we always have. That is: MediaWiki is an international project. We don't discriminate based on nationality, ethnicity, etc of any contributors or require that they disclose their nationality to us. We don't hold individual contributors responsible for the sins of their government.
It was the sin of their employer[1] that caused the kernel-drama[2], just saying. But yeah, I personally trust WMF Legal would do a good job when things pop up, and we as ordinary folks do not need to dig a deep legalese rabbit hole. Sounds like creating a problem for the sake of a problem when nothing has popped up yet.
[1]: https://msgid.link/7ee74c1b5b589619a13c6318c9fbd0d6ac7c334a.camel@HansenPart...
[2]: There are other factors that fueled it but this is out of scope for wikitech-l.
> [Obviously, I am just a random person, speaking just on behalf of myself. This is not an official statement in any way]
Ditto. And I don't even know much about US law.
----
revi | 레비 (IPA: lɛbi) - https://revi.xyz
- he/him (https://revi.xyz/pronoun-is/)
- What time is it in my timezone? (https://issuetracker.revi.xyz/u/time)
- In this Korean name (https://en.wikipedia.org/wiki/Korean_name), the family name is Hong (https://en.wikipedia.org/wiki/Hong_(Korean_surname)), which makes my name HONG Yongmin.
- My texts (excluding quotes marked with `>`) to public mailing lists are licensed under CC BY ND 2.0 KR (https://creativecommons.org/licenses/by-nd/2.0/kr/).
- I reply when my time permits. Don't feel pressured to reply ASAP; take your time and respond at your schedule.
While I completely agree with bawolff, I have to say that
> [3] https://ofac.treasury.gov/faqs/all-faqs
is a long-long page, and simply linking the whole stuff does not make me understand what you speak about at all. You really can't expect everybody on this list to go through this and guess what you said.