Concern for open-source to consider
Hi all,
I am writing this email to the project to bring your attention to a troubling situation that has implications for the free open-source software community. Three related events took place last week that I believe threaten the open-source movement, restrict the freedom of expression of developers through code, and put us in a position to consider alternative solutions to approaching authoritarian constructs.
Firstly, last week, the United States Treasury’s Office of Foreign Assets Control (OFAC) sanctioned open source software Tornado Cash. Make no mistake, this was a sanctioning of a technology. Writing code is a freedom and we as an open-source community value the freedoms to use, share, study, modify and share code. I don’t believe any of us want these freedoms to be taken away.
In Bernstein vs. US, courts ruled long ago that code is speech and is protected by the First Amendment. I realize we are a global community and US laws don’t apply to everyone, but it can influence and actions do extend beyond borders, which led to the second and third events.
GitHub removed the account of the code and removed its developers. [1] These developers were de-platformed from GitHub based on OFAC's whim. This brings up an important question. Should our community begin to think about alternatives to these source code hosting services like GitHub and GitLab? They are both companies and they do conform to authoritarian constructs regardless of legal precedent. In this case, it proved to be not a private company decision based on media reporting, but a decision based on the repercussion from OFAC, which is very powerful if you know anything about financial authorities. I believe it is worth discussing the possibility of finding a decentralized solution. This event could provide that push we need to adjust the way we move the project forward. I understand we can host code ourselves, but believe joining an established decentralized solution would lower the attack vector of a single solution and allow for us to join a larger community that shares the same principles and values toward the freedoms of open-source software.
The third event was that Dutch authorities arrested the developer Alexey Pertsev. There is little information about his arrest, but it appears to be done to intimidate developers from expressing their freedom to develop free software. Maybe more will come out, but this situation instantly brought back memories of Aaron Swartz.[2] My hope is that it does not end up like the way it did with him.
The FSFE, FSF and Open-Source Initiative are organizations we have established that would help us in a similar situation. I hope they stand up and defend this developer given the situation aligns clearly with these organizations' purpose. Do you think there is a collective document we should create or something else that can be done for us to collectively voice our views on this overreach? Maybe even creating some sort of Developer Freedom pin that helps us establish a movement when things like this happen. It seems to be a repetitive thing, and maybe we should prepare for this. I ask that each of you voice your concern about the above situation to these helpful organizations if you would like to help.
Questions Rephrased: 1. Should we begin to think about alternatives to source code hosting services like GitHub and GitLab?
2. Do you think there is a collective document we need or something else we can do to voice the views on this subject?
I hope people find this information useful, discuss it and express their opinions in a manner where we can find an actionable response to this overreach. I believe it is in the interest of the openSUSE Project, and other projects and organizations to collectively stand up together and voice an opinion that we reject these efforts to censor open-source code.
[1] - https://www.theregister.com/2022/08/10/github_tornado_cookies/ [2] - https://youtu.be/vy9tSaZFlPI?t=43
v/r Doug
On Mo, Aug 15 2022 at 15:47:46 -0000, doug demaio <douglas.demaio@gmail.com> wrote:
... Questions Rephrased: 1. Should we begin to think about alternatives to source code hosting services like GitHub and GitLab?
https://code.opensuse.org/ LCP [Jake] https://lcp.world/
On Monday, 15 August 2022, 17:50:10 CEST, Jacob Michalskie wrote:
On Mo, Aug 15 2022 at 15:47:46 -0000, doug demaio
<douglas.demaio@gmail.com> wrote:
... Questions Rephrased: 1. Should we begin to think about alternatives to source code hosting services like GitHub and GitLab?
There are 345 packages, but <random selection> not many or none seems to be active. However, if this is a viable alternative we should move better sooner than later!
2. Do you think there is a collective document we need or something else we can do to voice the views on this subject?
I have contacted FSFE on the weekend, let's wait to see if there are activities ongoing already.
Cheers Axel
On Monday, 15 August 2022 17:50:10 CEST, Jacob Michalskie wrote:
On Mo, Aug 15 2022 at 15:47:46 -0000, doug demaio wrote:
Questions Rephrased: 1. Should we begin to think about alternatives to source code hosting services like GitHub and GitLab?
I logged in and it looks like "light version of GitLab". Why not. I then wonder what is <https://gitlab.opensuse.org/> ...? And then there seems to be empty <https://gitlab.com/openSUSE> ... Ehhh... Why do we need all this, and <https://github.com/openSUSE/> and I-don't-know-what-else...? Regardless this important issue, this distribution of code elsewhere (not mentioning <https://bugzilla.opensuse.org/> and <https://build.opensuse.org/> - where to report which issue is always confusing for me) is terrible messy. I really think we should have *one* location, preferably hosted by openSUSE, regardless what it is. -- Vojtěch Zeisek https://trapa.cz/ Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/
On 8/16/22 18:45, Vojtěch Zeisek wrote:
On Monday, 15 August 2022 17:50:10 CEST, Jacob Michalskie wrote:
On Mo, Aug 15 2022 at 15:47:46 -0000, doug demaio wrote:
Questions Rephrased: 1. Should we begin to think about alternatives to source code hosting services like GitHub and GitLab?
I logged in and it looks like "light version of GitLab". Why not. I then wonder what is <https://gitlab.opensuse.org/> ...? And then there seems to be empty <https://gitlab.com/openSUSE> ... Ehhh... Why do we need all this, and <https://github.com/openSUSE/> and I-don't-know-what-else...?
The github namespace is actively used to develop a significant portion of openSUSE's software (build.opensuse.org is designed for distributing software not creating it). The board made the choice to register the gitlab group, not because we had any plans to use it but rather it was much simpler to hold it than risk someone else taking it and then have to deal with the process of gaining access back due to the fact that we (well SUSE) owns the trademark.
Regardless this important issue, this distribution of code elsewhere (not mentioning <https://bugzilla.opensuse.org/> and <https://build.opensuse.org/> - where to report which issue is always confusing for me) is terrible messy. I really think we should have *one* location, preferably hosted by openSUSE, regardless what it is.
One of the main issues here is someone needs to volunteer to maintain such infra, for a long time there was no such people willing to do so and we had nothing now code.opensuse.org exists but I don't believe it was strictly implemented to replace all our existing github projects. Another fundamental pillar of openSUSE is that we empower our teams to choose what works best for them including code platforms, so if a team decided that they wished to migrate their git repos from github to gitlab or anything else including something self hosted then we have nothing preventing them from doing such. SUSE has a policy of putting any open source code that it would welcome community contributions to under the openSUSE namespace on github (And open code it's not really looking for contributions to under the SUSE namespace). At the end of the day what SUSE does is up to them but it always encourages employees to upstream any code they do on SUSE's behalf to the best possible upstream so some openSUSE teams moving wouldn't cause issues from that perspective.
-- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
On 2022-08-16 11:36, Simon Lees wrote:
On 8/16/22 18:45, Vojtěch Zeisek wrote:
On Monday, 15 August 2022 17:50:10 CEST, Jacob Michalskie wrote:
On Mo, Aug 15 2022 at 15:47:46 -0000, doug demaio wrote:
Questions Rephrased: 1. Should we begin to think about alternatives to source code hosting services like GitHub and GitLab?
Fundamentally, I think the argument that we should consider alternative source hosting platforms to GitHub and Gitlab because they might respond to legal action and ban/remove stuff is flawed, when we ourselves run infra which bans/removes stuff for legal reasons. https://en.opensuse.org/openSUSE:Build_Service_application_blacklist
It’s a fact of life. Any open source project's infrastructure can be targeted for legal action and Projects need to take care to avoid hosting, and encouraging the use of, stuff that might attract such action.
Hey, On 17.08.22 07:29, Richard Brown wrote:
It’s a fact of life. Any open source project's infrastructure can be targeted for legal action and Projects need to take care to avoid hosting, and encouraging the use of, stuff that might attract such action.
I would be more worried about data portability¹ because 'legal action' means something different in every country, on any given day, for any interested party. Our own tools are not the best regarding this... Henne ¹ https://en.wikipedia.org/wiki/Data_portability -- Henne Vogelsang http://www.opensuse.org Everybody has a plan, until they get hit. - Mike Tyson
On Wed 2022-08-17, Richard Brown wrote:
Fundamentally, I think the argument that we should consider alternative source hosting platforms to GitHub and Gitlab because they might respond to legal action and ban/remove stuff is flawed, when we ourselves run infra which bans/removes stuff for legal reasons.
The latter is our choice, though, admittedly within the parameters of the world we find ourselves in, whereas the former is something we have even less control over. And as you wrote earlier "some countries make really stupid laws" and "some countries enforce them stupidly". So wouldn't it make sense to minimize exposure to such laws and infrastructure in such countries? And to speak up against such laws and them being enforced stupidly? Gerald
On Di, Aug 16 2022 at 11:15:08 +0200, Vojtěch Zeisek <vojtech.zeisek@opensuse.org> wrote:
[...] I then wonder what is <https://gitlab.opensuse.org/> ...?
It requires infra login, so it's not available to mere mortals. It's currently used for our salt setup in infra. We were planning to migrate to code.o.o for that too, but we aren't done setting up CI/CD and migrating it over from gitlab runners.
And then there seems to be empty <https://gitlab.com/openSUSE> ... Ehhh... Why do we need all this, and <https://github.com/openSUSE/> and I-don't-know-what-else...?
gitlab.com one is mostly reserved space so that somebody malicious doesn't reserve it.
Regardless this important issue, this distribution of code elsewhere (not mentioning <https://bugzilla.opensuse.org/> and <https://build.opensuse.org/> - where to report which issue is always confusing for me) is terrible messy.
build.o.o isn't a good place to report issues for distributions, it's always gonna be bugzilla.
I really think we should have *one* location, preferably hosted by openSUSE, regardless what it is.
You forgot that openSUSE has svn.opensuse.org (it seems that the main page is broken, but you can still access repos on there just fine), and there was large presence on gitorious, you can have a look how many old repos are archived there, it's some cool history. You can also find some dead links on various wikis to Novell svn server, I think we lost some stuff when that died, like old artwork sources. LCP [Jake] https://lcp.world/
On Tuesday, 16 August 2022 11:39:46 CEST, you wrote:
On Di, Aug 16 2022 at 11:15:08 +0200, Vojtěch Zeisek wrote:
I then wonder what is <https://gitlab.opensuse.org/> ...?
It requires infra login, so it's not available to mere mortals. It's currently used for our salt setup in infra. We were planning to migrate to code.o.o for that too, but we aren't done setting up CI/CD and migrating it over from gitlab runners.
And then there seems to be empty <https://gitlab.com/openSUSE> ... Ehhh... Why do we need all this, and <https://github.com/openSUSE/> and I-don't-know-what-else...?
gitlab.com one is mostly reserved space so that somebody malicious doesn't reserve it.
Regardless this important issue, this distribution of code elsewhere (not mentioning <https://bugzilla.opensuse.org/> and <https://build.opensuse.org/> - where to report which issue is always confusing for me) is terrible messy.
build.o.o isn't a good place to report issues for distributions, it's always gonna be bugzilla.
I really think we should have *one* location, preferably hosted by openSUSE, regardless what it is.
You forgot that openSUSE has svn.opensuse.org (it seems that the main page is broken, but you can still access repos on there just fine), and there was large presence on gitorious, you can have a look how many old repos are archived there, it's some cool history. You can also find some dead links on various wikis to Novell svn server, I think we lost some stuff when that died, like old artwork sources.
Hm, and I found some (probably abandoned) projects on SourceForge. What a diversity. ;-) Of course I don't wish to "command" developers where to host their code, but I guess everyone can imagine how chaotically the situation looks from outside. But this isn't point of this thread, sorry. -- Vojtěch Zeisek https://trapa.cz/ Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/
On 8/15/22 8:47 AM, doug demaio wrote:
Hi all,
I am writing this email to the project to bring your attention to a troubling situation that has implications for the free open-source software community. Three related events took place last week that I believe threaten the open-source movement, restrict the freedom of expression of developers through code, and put us in a position to consider alternative solutions to approaching authoritarian constructs.
Firstly, last week, the United States Treasury’s Office of Foreign Assets Control (OFAC) sanctioned open source software Tornado Cash. Make no mistake, this was a sanctioning of a technology. Writing code is a freedom and we as an open-source community value the freedoms to use, share, study, modify and share code. I don’t believe any of us want these freedoms to be taken away.
In Bernstein vs. US, courts ruled long ago that code is speech and is protected by the First Amendment. I realize we are a global community and US laws don’t apply to everyone, but it can influence and actions do extend beyond borders, which led to the second and third events.
GitHub removed the account of the code and removed its developers. [1] These developers were de-platformed from GitHub based on OFAC's whim. This brings up an important question. Should our community begin to think about alternatives to these source code hosting services like GitHub and GitLab? They are both companies and they do conform to authoritarian constructs regardless of legal precedent. In this case, it proved to be not a private company decision based on media reporting, but a decision based on the repercussion from OFAC, which is very powerful if you know anything about financial authorities. I believe it is worth discussing the possibility of finding a decentralized solution. This event could provide that push we need to adjust the way we move the project forward. I understand we can host code ourselves, but believe joining an established decentralized solution would lower the attack vector of a single solution and allow for us to join a larger community that shares the same principles and values toward the freedoms of open-source software.
The third event was that Dutch authorities arrested the developer Alexey Pertsev. There is little information about his arrest, but it appears to be done to intimidate developers from expressing their freedom to develop free software. Maybe more will come out, but this situation instantly brought back memories of Aaron Swartz.[2] My hope is that it does not end up like the way it did with him.
The FSFE, FSF and Open-Source Initiative are organizations we have established that would help us in a similar situation. I hope they stand up and defend this developer given the situation aligns clearly with these organizations' purpose. Do you think there is a collective document we should create or something else that can be done for us to collectively voice our views on this overreach? Maybe even creating some sort of Developer Freedom pin that helps us establish a movement when things like this happen. It seems to be a repetitive thing, and maybe we should prepare for this. I ask that each of you voice your concern about the above situation to these helpful organizations if you would like to help.
Questions Rephrased: 1. Should we begin to think about alternatives to source code hosting services like GitHub and GitLab?
2. Do you think there is a collective document we need or something else we can do to voice the views on this subject?
I hope people find this information useful, discuss it and express their opinions in a manner where we can find an actionable response to this overreach. I believe it is in the interest of the openSUSE Project, and other projects and organizations to collectively stand up together and voice an opinion that we reject these efforts to censor open-source code.
[1] - https://www.theregister.com/2022/08/10/github_tornado_cookies/ [2] - https://youtu.be/vy9tSaZFlPI?t=43
v/r Doug
Thank you, Doug. Yes, this is useful information.
Codeberg.org
German e.V. FOSS organization
avoid Micro$oft and venture-capital-funded/profit-seeking operations: Github, Gitlab
works fine for this naïf; operation is indistinguishable from Github's with my simple stuff
Carl
On 15.08.22 at 17:47, doug demaio wrote:
Hi all,
I am writing this email to the project to bring your attention to a troubling situation that has implications for the free open-source software community. Three related events took place last week that I believe threaten the open-source movement, restrict the freedom of expression of developers through code, and put us in a position to consider alternative solutions to approaching authoritarian constructs.
Firstly, last week, the United States Treasury’s Office of Foreign Assets Control (OFAC) sanctioned open source software Tornado Cash. Make no mistake, this was a sanctioning of a technology. Writing code is a freedom and we as an open-source community value the freedoms to use, share, study, modify and share code. I don’t believe any of us want these freedoms to be taken away.
Freedom is an elementary human right and something that must be defended again and again. But claiming freedom also means taking responsibility. Freedom ends where others are violated, threatened or restricted in their freedom. This is also true for writing software.
In Bernstein vs. US, courts ruled long ago that code is speech and is protected by the First Amendment. I realize we are a global community and US laws don’t apply to everyone, but it can influence and actions do extend beyond borders, which led to the second and third events.
GitHub removed the account of the code and removed its developers. [1] These developers were de-platformed from GitHub based on OFAC's whim. This brings up an important question. Should our community begin to think about alternatives to these source code hosting services like GitHub and GitLab? They are both companies and they do conform to authoritarian constructs regardless of legal precedent. In this case, it proved to be not a private company decision based on media reporting, but a decision based on the repercussion from OFAC, which is very powerful if you know anything about financial authorities. I believe it is worth discussing the possibility of finding a decentralized solution. This event could provide that push we need to adjust the way we move the project forward. I understand we can host code ourselves, but believe joining an established decentralized solution would lower the attack vector of a single solution and allow for us to join a larger community that shares the same principles and values toward the freedoms of open-source software.
The third event was that Dutch authorities arrested the developer Alexey Pertsev. There is little information about his arrest, but it appears to be done to intimidate developers from expressing their freedom to develop free software. Maybe more will come out, but this situation instantly brought back memories of Aaron Swartz.[2] My hope is that it does not end up like the way it did with him.
I think you cannot compare those two cases one-by-one. Swartz was fighting for the freedom of information, and that is an essential part of freedom at all. I might be mistaken, but for Tornado Cash I cannot see much beneficial uses for the overall society, and it is probably mainly used to hide criminal activities. I don't argue that it is ok what happened, but I want to differentiate: Just like for the freedom of speech: it is also important **what** you say and what you intend. It is not a general right you may claim for anything, including hurting others. Respect and responsibility must go hand in hand with the exercise of civil liberties.
The FSFE, FSF and Open-Source Initiative are organizations we have established that would help us in a similar situation. I hope they stand up and defend this developer given the situation aligns clearly with these organizations' purpose. Do you think there is a collective document we should create or something else that can be done for us to collectively voice our views on this overreach? Maybe even creating some sort of Developer Freedom pin that helps us establish a movement when things like this happen. It seems to be a repetitive thing, and maybe we should prepare for this. I ask that each of you voice your concern about the above situation to these helpful organizations if you would like to help.
Questions Rephrased: 1. Should we begin to think about alternatives to source code hosting services like GitHub and GitLab?
Yes, this can and should be considered. But not only for the reason of that case of Alexey Pertsev. Freedom is always at risk when it is in the hands of large corporations.
2. Do you think there is a collective document we need or something else we can do to voice the views on this subject?
Would be a good idea. But this document should also talk about responsibility and the rules that everyone must observe to create a free society. In those days, freedom is often misinterpreted as "my right". It is at least as much "my responsibility".
I hope people find this information useful, discuss it and express their opinions in a manner where we can find an actionable response to this overreach. I believe it is in the interest of the openSUSE Project, and other projects and organizations to collectively stand up together and voice an opinion that we reject these efforts to censor open-source code.
[1] - https://www.theregister.com/2022/08/10/github_tornado_cookies/ [2] - https://youtu.be/vy9tSaZFlPI?t=43
v/r Doug
Best regards
Martin Winter - letsfindaway
I think you cannot compare those two cases one-by-one. Swartz was fighting for the freedom of information, and that is an essential part of freedom at all. I might be mistaken, but for Tornado Cash I cannot see much beneficial uses for the overall society, and it is probably mainly used to hide criminal activities. I don't argue that it is ok what happened, but I want to differentiate: Just like for the freedom of speech: it is also important **what** you say and what you intend. It is not a general right you may claim for anything, including hurting others. Respect and responsibility must go hand in hand with the exercise of civil liberties.
People who write open-source software have no say over how it is used. There are many positive ways Tornado Cash was used, which you can hear about, but I'll just share one. Writing software that gives fleeing refugees an opportunity to leave their country without funds (mixed) later being seized (by a regime filing a claim with hosting nation against the refugee) by an authoritarian regime is rather noble. The fact that the same software can be used for illicit purposes and the developer being charged for the wrongdoing of others is nonsensical, arbitrary and overreach. Developers can write software for a purpose. Very often their software gets used for purposes other than what the developer intended.
On Tue, 2022-08-16 at 08:00 +0000, doug demaio wrote:
People who write open-source software have no say over how it is used. There are many positive ways Tornado Cash was used, which you can hear about, but I'll just share one.
The license of the openSUSE Project says otherwise
https://en.opensuse.org/openSUSE:License
The following clauses in the license used by all of our distributions actively restrict how openSUSE is used:
"This agreement permits you to distribute unmodified or modified copies of openSUSE Leap 15.4 using the “openSUSE” trademark on the condition that you follow The openSUSE Project’s trademark guidelines located at http://en.opensuse.org/Legal. You must abide by these trademark guidelines when distributing openSUSE Leap 15.4, regardless of whether openSUSE Leap 15.4 has been modified."
Short version - you can't reuse/redistribute openSUSE without complying with https://en.opensuse.org/openSUSE:Trademark_guidelines which limits/controls the use of the openSUSE Trademarks
"You will not export or re-export openSUSE Leap 15.4 directly or indirectly, to: (1) any countries that are subject to US export restrictions; (2) any end user who you know or have reason to know will utilize openSUSE Leap 15.4 in the design, development or production of nuclear, chemical or biological weapons, or rocket systems, space launch vehicles, and sounding rockets, or unmanned air vehicle systems, except as authorized by the relevant government agency by regulation or specific license; or (3) any end user who has been prohibited from participating in the US export transactions by any federal agency of the US government"
And this is why we don't have any contributors on build.opensuse.org from countries like Iran..they can't even make an account on our infra..
There are many open source and free software licenses that restrict how the software can be used.. GPLv3 is a fine example
It's harder for me to share sympathy or support for the cause of this thread when such fundamental errors are cited as quote.
-- Richard Brown Linux Distribution Engineer - Future Technology Team SUSE Software Solutions Germany GmbH, Frankenstraße 146, D-90461 Nuremberg, Germany (HRB 36809, AG Nürnberg) Managing Directors/Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman
On 8/16/22 17:42, Richard Brown wrote:
On Tue, 2022-08-16 at 08:00 +0000, doug demaio wrote:
People who write open-source software have no say over how it is used. There are many positive ways Tornado Cash was used, which you can hear about, but I'll just share one.
The license of the openSUSE Project says otherwise
https://en.opensuse.org/openSUSE:License
The following clauses in the license used by all of our distributions actively restrict how openSUSE is used:
"You will not export or re-export openSUSE Leap 15.4 directly or indirectly, to: (1) any countries that are subject to US export restrictions; (2) any end user who you know or have reason to know will utilize openSUSE Leap 15.4 in the design, development or production of nuclear, chemical or biological weapons, or rocket systems, space launch vehicles, and sounding rockets, or unmanned air vehicle systems, except as authorized by the relevant government agency by regulation or specific license; or (3) any end user who has been prohibited from participating in the US export transactions by any federal agency of the US government"
And this is why we don't have any contributors on build.opensuse.org from countries like Iran..they can't even make an account on our infra..
Thank you for reminding me that the way export control is handled for open source projects has changed and that I need to remember to bug the board to speak to legal to get this part of the terms and conditions removed because it's no longer required by US law (maybe after dinner I'll find the references to this but there have been changes in the last year or so in this area).
On the other hand the other parts you pointed to related to trademarks are definitely still valid.
Cheers
-- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
On Tuesday, August 16, 2022 10:12:32 AM CEST Richard Brown wrote:
On Tue, 2022-08-16 at 08:00 +0000, doug demaio wrote:
People who write open-source software have no say over how it is used. There are many positive ways Tornado Cash was used, which you can hear about, but I'll just share one.
The license of the openSUSE Project says otherwise
https://en.opensuse.org/openSUSE:License
The following clauses in the license used by all of our distributions actively restrict how openSUSE is used:
"This agreement permits you to distribute unmodified or modified copies of openSUSE Leap 15.4 using the “openSUSE” trademark on the condition that you follow The openSUSE Project’s trademark guidelines located at http://en.opensuse.org/Legal. You must abide by these trademark guidelines when distributing openSUSE Leap 15.4, regardless of whether openSUSE Leap 15.4 has been modified."
No, it does not control how to use the distribution but the trademark. I can download openSUSE Leap 15.4, install it into my new nuke and control it. Maybe I cannot say "Nuke powered by *openSUSE* Leap 15.4", as I would be using the trademark. But I definitively can run the software at my will. In other case this will be in contradiction with some (all?) the licenses that compose the distribution, that are explicit in granting the freedom of running the software. For example, in the GPL Faq[1] """ Can I use GPLed software on a device that will stop operating if customers do not continue paying a subscription fee? (#SubscriptionFee) No. In this scenario, the requirement to keep paying a fee limits the user's ability to run the program. This is an additional requirement on top of the GPL, and the license prohibits it. """ [1] https://www.gnu.org/licenses/gpl-faq.en.html -- SUSE Software Solutions Germany GmbH Frankenstrasse 146 90461 Nuremberg Germany Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman (HRB 36809, AG Nürnberg)
On 8/16/22 17:58, Alberto Planas wrote:
On Tuesday, August 16, 2022 10:12:32 AM CEST Richard Brown wrote:
On Tue, 2022-08-16 at 08:00 +0000, doug demaio wrote:
People who write open-source software have no say over how it is used. There are many positive ways Tornado Cash was used, which you can hear about, but I'll just share one.
The license of the openSUSE Project says otherwise
https://en.opensuse.org/openSUSE:License
The following clauses in the license used by all of our distributions actively restrict how openSUSE is used:
"This agreement permits you to distribute unmodified or modified copies of openSUSE Leap 15.4 using the “openSUSE” trademark on the condition that you follow The openSUSE Project’s trademark guidelines located at http://en.opensuse.org/Legal. You must abide by these trademark guidelines when distributing openSUSE Leap 15.4, regardless of whether openSUSE Leap 15.4 has been modified."
No, it does not control how to use the distribution but the trademark.
I can download openSUSE Leap 15.4, install it into my new nuke and control it. Maybe I cannot say "Nuke powered by *openSUSE* Leap 15.4", as I would be using the trademark. But I definitively can run the software at my will.
Sure you *can* technically do this but given it's currently against our EULA if someone within the project found out you were doing this they would be obliged to contact Legal who would be obliged to take out a court order to prevent you from continuing to do such. To the point where if you were violating the trademark part more so than the Nuke part if we didn't do this we would lose our trademarks. Given export control law has changed whether a court would still do the same there is possibly at least up for a discussion but if we found you doing such several years ago there are certainly courts in many countries that would have forced you to stop doing such. The fact that the US government has recognized it's practically impossible to prevent the spread of open source software and that it doesn't make sense to hold say github or a mirror provider responsible for allowing someone say in Iran to get access to export controlled software is exactly why that law changed, at the same time most jurisdictions will likely still uphold any reasonable EULA that an open source project creates and will force people who are violating such restrictions to stop using those products. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
On Tuesday, August 16, 2022 10:40:20 AM CEST Simon Lees wrote:
Sure you *can* technically do this but given it's currently against our EULA if someone within the project found out you were doing this they would be obliged to contact Legal who would be obliged to take out a court order to prevent you from continuing to do such.
It is not a technicality. It is a basic freedom. A pillar one. Not some minor legal detail. You cannot restrict the usage. It is freedom 0[1] You can limit the use of the trademark. "openSUSE" trademark cannot and should not be used in the limits that are enumerated. Douglas' point was valid. The use of software under a free license cannot be restricted, and doing it is an attack. And hubs like gitlab / github are a problem in this scenario, as much as they control the delivery channel of the software.
EULA
EULAs are not for open source, they are for closed source. They are the terms that allow the use without granting ownership. openSUSE as a collective work has a license, but there is not much that it can say besides "if you change it in a way that we do not like, it is not openSUSE anymore". [1] https://www.gnu.org/philosophy/free-sw.html -- SUSE Software Solutions Germany GmbH Frankenstrasse 146 90461 Nuremberg Germany Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman (HRB 36809, AG Nürnberg)
On 8/16/22 18:44, Alberto Planas wrote:
On Tuesday, August 16, 2022 10:40:20 AM CEST Simon Lees wrote:
Sure you *can* technically do this but given it's currently against our EULA if someone within the project found out you were doing this they would be obliged to contact Legal who would be obliged to take out a court order to prevent you from continuing to do such.
It is not a technicality. It is a basic freedom. A pillar one. Not some minor legal detail. You cannot restrict the usage. It is freedom 0[1]
EULAs are not for open source, they are for closed source. They are the terms that allow the use without granting ownership.
openSUSE as a collective work has a license, but there is not much that it can say besides "if you change it in a way that we do not like, it is not openSUSE anymore".
My point here is that the openSUSE can and does put restrictions on the usage of the software it distributes and it has in the past and will in the future take legal action against cases where it is used outside those terms. No that doesn't prevent someone else from taking our source code and doing something else with it (provided they honor any trademark related issues). But that wasn't the point that either I or Richard were making here. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
On Tue, 16 Aug 2022 18:58:42 +0930, Simon Lees wrote:
My point here is that the openSUSE can and does put restrictions on the usage of the software it distributes and it has in the past and will in the future take legal action against cases where it is used outside those terms.
Where in the EULA does it detail those restrictions on the use of the software? Given that openSUSE is comprised of code that is largely not owned by the openSUSE project, I would find that to be unenforceable. The only thing the project would seem to me to be in a position to control is the use of the trademarks. -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
On 16/08/2022 at 11:14, Alberto Planas wrote:
EULAs are not for open source, they are for closed source.
"open source" is often misunderstood. In legal meaning, the words are to be understood *literally*, not interpreted. "open source" means the sources of the software are available. Period. Some are even available through a fee... after that are the licenses. The worst license is saying nothing, because this doesn't mean all is free, but local laws apply and this we shouldn't like. One can say "do what you want of my code", this means any corporation can include it in proprietary software if they want. GPL is a pretty restricted license if you plan to use software in proprietary application (it's the goal of GPL to prevent this). One can even forgive use of an open source software completely. Making a distro can be pretty hard when one has to cope with all the many licenses devs use. jdd -- http://dodin.org http://valeriedodin.com
On Tue, Aug 16 2022 at 13:28:06 +0200, jdd@dodin.org wrote:
"open source" means the sources of the software are available. Period. Some are even available through a fee...
source available is not open source though, you wouldn't call (and their developers don't call) the vivaldi browser open source despite the fact you can download the source for it on their website. LCP [Jake] https://lcp.world/
On Tue, 16 Aug 2022 18:10:20 +0930, Simon Lees wrote:
"This agreement permits you to distribute unmodified or modified copies of openSUSE Leap 15.4 using the “openSUSE” trademark on the condition that you follow The openSUSE Project’s trademark guidelines located at http://en.opensuse.org/Legal. You must abide by these trademark guidelines when distributing openSUSE Leap 15.4, regardless of whether openSUSE Leap 15.4 has been modified."
No, it does not control how to use the distribution but the trademark.
I can download openSUSE Leap 15.4, install it into my new nuke and control it. Maybe I cannot say "Nuke powered by *openSUSE* Leap 15.4", as I would be using the trademark. But I definitively can run the software at my will.
Sure you *can* technically do this but given it's currently against our EULA if someone within the project found out you were doing this they would be obliged to contact Legal who would be obliged to take out a court order to prevent you from continuing to do such.
The quoted section of the agreement talks about distribution and trademark use, not use of the software. There's nothing in that quoted section (nor that I can find in the trademark guidelines section that's linked) that places any sort of restrictions on how the *software* is used - just the openSUSE trademarks. -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
On 8/17/22 00:52, Jim Henderson wrote:
On Tue, 16 Aug 2022 18:10:20 +0930, Simon Lees wrote:
"This agreement permits you to distribute unmodified or modified copies of openSUSE Leap 15.4 using the “openSUSE” trademark on the condition that you follow The openSUSE Project’s trademark guidelines located at http://en.opensuse.org/Legal. You must abide by these trademark guidelines when distributing openSUSE Leap 15.4, regardless of whether openSUSE Leap 15.4 has been modified."
No, it does not control how to use the distribution but the trademark.
I can download openSUSE Leap 15.4, install it into my new nuke and control it. Maybe I cannot say "Nuke powered by *openSUSE* Leap 15.4", as I would be using the trademark. But I definitively can run the software at my will.
Sure you *can* technically do this but given it's currently against our EULA if someone within the project found out you were doing this they would be obliged to contact Legal who would be obliged to take out a court order to prevent you from continuing to do such.
The quoted section of the agreement talks about distribution and trademark use, not use of the software.
There's nothing in that quoted section (nor that I can find in the trademark guidelines section that's linked) that places any sort of restrictions on how the *software* is used - just the openSUSE trademarks.
The section from Richard's first email also states that the *software* is covered under the terms of US Export Control, everyone agrees to these terms when running the installer. If you were found to not be agreeing to such terms then your right to use the software would be revoked. In all likelihood the reason we have such terms is because in the past if we weren't seeming to do everything we could as a project to comply with US Export Control, and someone was to be found to be using openSUSE software in a way that was prohibited under export control law then the US government could equally apply similar preventions on people interacting with openSUSE. As I said in a different email how export control applies to open source projects has now changed so this is now much less of a risk. But it is an example of us putting limits on the use of our software beyond what is covered by the other various licenses. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
On Wed, 17 Aug 2022 10:05:59 +0930, Simon Lees wrote:
The section from Richard's first email also states that the *software* is covered under the terms of US Export Control, everyone agrees to these terms when running the installer. If you were found to not be agreeing to such terms then your right to use the software would be revoked.
That's different than specific restrictions on use, though, such as the nuke example - that protects SUSE's trademarks only, but as the code is OSS, rebranding it is certainly doable. But also, it seems like it might be legally dubious to take code that I wrote and packaged to be included in openSUSE and to override my wishes as the author by enforcing different legal terms as to the use of the code. (This is a hypothetical, as I don't have code that's distributed as part of the distro, and only have a couple of packages in OBS that I build from other people's code). But working from the export-restricted argument, if my (hypothetical) code doesn't include anything that's export-restricted, then distribution to individuals who want it would be permitted in any event. If I, as an author of code, live in the US, the embargoed countries for the US are still places I can't legally export things to, but if that code that I created is OSS and is distributed through a server in China by someone who "forked" the code by making a copy and not changing it, I'm not distributing the code to North Korea, but my code is ending up in North Korea nonetheless. What laws were broken in that instance? The license in openSUSE really is covering the specific collection of software distributed as openSUSE - but not the code itself.
In all likelihood the reason we have such terms is because in the past if we weren't seeming to do everything we could as a project to comply with US Export Control, and someone was to be found to be using openSUSE software in a way that was prohibited under export control law then the US government could equally apply similar preventions on people interacting with openSUSE. As I said in a different email how export control applies to open source projects has now changed so this is now much less of a risk. But it is an example of us putting limits on the use of our software beyond what is covered by the other various licenses.
Yeah, that makes sense, and there is export-restricted code in the open-source world. But tracing it is pretty difficult to do outside of a specific distro. As a German company, is SUSE required to follow US Export restrictions? (Probably yes for distribution that takes place from the US; say it's hosted on a server in China, though....The law there is different, and someone from, say, North Korea, could legally obtain it from that server without any such restriction - as far as I know). -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
On 8/18/22 01:50, Jim Henderson wrote:
On Wed, 17 Aug 2022 10:05:59 +0930, Simon Lees wrote:
The section from Richard's first email also states that the *software* is covered under the terms of US Export Control, everyone agrees to these terms when running the installer. If you were found to not be agreeing to such terms then your right to use the software would be revoked.
That's different than specific restrictions on use, though, such as the nuke example - that protects SUSE's trademarks only, but as the code is OSS, rebranding it is certainly doable.
But also, it seems like it might be legally dubious to take code that I wrote and packaged to be included in openSUSE and to override my wishes as the author by enforcing different legal terms as to the use of the code. (This is a hypothetical, as I don't have code that's distributed as part of the distro, and only have a couple of packages in OBS that I build from other people's code). But working from the export-restricted argument, if my (hypothetical) code doesn't include anything that's export-restricted, then distribution to individuals who want it would be permitted in any event.
If I, as an author of code, live in the US, the embargoed countries for the US are still places I can't legally export things to, but if that code that I created is OSS and is distributed through a server in China by someone who "forked" the code by making a copy and not changing it, I'm not distributing the code to North Korea, but my code is ending up in North Korea nonetheless.
What laws were broken in that instance?
This is a fundamental reason why export control laws related to open source code have fundamentally changed in the last year or so see https://www.linuxfoundation.org/tools/understanding-us-export-controls-with-... if you're interested.
The license in openSUSE really is covering the specific collection of software distributed as openSUSE - but not the code itself.
In all likelihood the reason we have such terms is because in the past if we weren't seeming to do everything we could as a project to comply with US Export Control, and someone was to be found to be using openSUSE software in a way that was prohibited under export control law then the US government could equally apply similar preventions on people interacting with openSUSE. As I said in a different email how export control applies to open source projects has now changed so this is now much less of a risk. But it is an example of us putting limits on the use of our software beyond what is covered by the other various licenses.
Yeah, that makes sense, and there is export-restricted code in the open-source world. But tracing it is pretty difficult to do outside of a specific distro. As a German company, is SUSE required to follow US Export restrictions? (Probably yes for distribution that takes place from the US; say it's hosted on a server in China, though....The law there is different, and someone from, say, North Korea, could legally obtain it from that server without any such restriction - as far as I know).
It always gets more complicated as SUSE has legal entities in every country where it has direct employees (and probably also some others). -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
On Thu, 18 Aug 2022 17:09:30 +0930, Simon Lees wrote:
If I, as an author of code, live in the US, the embargoed countries for the US are still places I can't legally export things to, but if that code that I created is OSS and is distributed through a server in China by someone who "forked" the code by making a copy and not changing it, I'm not distributing the code to North Korea, but my code is ending up in North Korea nonetheless.
What laws were broken in that instance?
This is a fundamental reason why export control laws related to open source code have fundamentally changed in the last year or so see https://www.linuxfoundation.org/tools/understanding-us-export-controls-with-open-source-projects/ if you're interested.
This is good info, I'll take a look at it later in the day (still pretty early in the morning here :) )
Yeah, that makes sense, and there is export-restricted code in the open-source world. But tracing it is pretty difficult to do outside of a specific distro. As a German company, is SUSE required to follow US Export restrictions? (Probably yes for distribution that takes place from the US; say it's hosted on a server in China, though....The law there is different, and someone from, say, North Korea, could legally obtain it from that server without any such restriction - as far as I know).
It always gets more complicated as SUSE has legal entities in every country where it has direct employees (and probably also some others).
Absolutely. But I think the point as well that I'm making is that SUSE doesn't own a lot of the code ("most" actually) that they're distributing, either as part of SLE or as part of openSUSE. So if I were based in China and contributing code to a project that openSUSE provides in its distro, my code could legally be distributed (under Chinese law) to North Korea, but not as part of openSUSE. Or maybe an even more relatable situation - if I am based in Canada, there's no embargo in Canada against Iran. So there's a question of code ownership that seems to me to be relevant here. -- Jim Henderson Please keep on-topic replies on the list so everyone benefits
Richard Brown wrote:
On Tue, 2022-08-16 at 08:00 +0000, doug demaio wrote:
People who write open-source software have no say over how it is used. There are many positive ways Tornado Cash was used, which you can hear about, but I'll just share one. The license of the openSUSE Project says otherwise
I see your point, but that's assuming people take that code or software and act in good faith. What happened here wasn't that. It was someone making a privacy protocol and someone didn't act in good faith, so the powers that be chose to penalize the use because of the bad actor's involvement, outlaw the use of that code and vilify the developer who made it. It would be like some bad actor using flatpaks to create something not acceptable and now all of a sudden some of us can't interact with flatpaks because the powers that be find it too dangerous. Then they make the developer of it an outlaw. This is basically what happened.
It's harder for me to share sympathy or support for the cause of this thread when such fundamental errors are cited as quote.
Perhaps you just needed more context. This type of event should be concerning and it has my attention.
On Tuesday, 16 August 2022, 15:31:40 CEST, doug demaio wrote: ....
It would be like some bad actor using flatpaks to create something not acceptable and now all of a sudden some of us can't interact with flatpaks because the powers that be find it too dangerous. Then they make the developer of it an outlaw. This is basically what happened.
Even more simple: A knife can not only be used to cut tomatoes...some chemicals can be used to make medicine, but as well poison or bombs. The general issue with dual-use items Axel
On 2022-08-16 15:31, doug demaio wrote:
Richard Brown wrote:
On Tue, 2022-08-16 at 08:00 +0000, doug demaio wrote:
People who write open-source software have no say over how it is used. There are many positive ways Tornado Cash was used, which you can hear about, but I'll just share one. The license of the openSUSE Project says otherwise
I see your point, but that's assuming people take that code or software and act in good faith. What happened here wasn't that. It was someone making a privacy protocol and someone didn't act in good faith, so the powers that be chose to penalize the use because of the bad actor's involvement, outlaw the use of that code and vilify the developer who made it. It would be like some bad actor using flatpaks to create something not acceptable and now all of a sudden some of us can't interact with flatpaks because the powers that be find it too dangerous. Then they make the developer of it an outlaw. This is basically what happened.
Sure, but the “good faith” argument doesn’t really fly for me either.
I believe libdvdcss was written in good faith, but there’s no question it does something that is legally controversial, and that’s why we don’t allow it anywhere near our Project’s repos.
There’s tons of open source information security tools that were written in good faith and are often used in good faith, but are considered “Hacking tools” under German law, and so we also don’t allow them on OBS (yet another example of existing restrictions applied to open source).
If we could use patent encumbered open source codecs in good faith we’d have them in the distro now.. wouldn’t we?
It's harder for me to share sympathy or support for the cause of this thread when such fundamental errors are cited as quote.
Perhaps you just needed more context. This type of event should be concerning and it has my attention.
This event doesn’t concern me any more than any of the previous FOSS legal controversies.
Just because something is open source doesn’t enable its use to skirt the laws of the lands.
And some countries make really stupid laws.
And some countries enforce them stupidly.
It’s a minefield, but one we navigate daily and have navigated for years.
The only question this incident raises for me is a casual pondering as to whether we will need to treat cryptocurrency tools in a similar way to “hacking” tools, patented codecs, and libdvdcss and keep them out of openSUSE to avoid legal entanglements.
-- Richard Brown Linux Distribution Engineer - Future Technology Team SUSE Software Solutions Germany GmbH, Frankenstraße 146, D-90461 Nuremberg, Germany (HRB 36809, AG Nürnberg) Managing Directors/Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman
Richard Brown wrote:
Just because something is open source doesn’t enable its use to skirt the laws of the lands. And some countries make really stupid laws. And some countries enforce them stupidly. It’s a minefield, but one we navigate daily and have navigated for years.
I can respect that point of view. I don't agree with it. History is filled with reasons for change by those who are labeled rebels; those who did not conform to the stupidity. Whether right or wrong, this mentality creates change needed to not remain stagnant.
The only question this incident raises for me is a casual pondering as to whether we will need to treat cryptocurrency tools in a similar way to “hacking” tools, patented codecs, and libdvdcss and keep them out of openSUSE to avoid legal entanglements.
This is a discussion that needs or should happen. Guess I'll start. If I'm running a bitcoin node via flatpak on a Tumbleweed machine and it's processing the less than 1% criminal activity [1] on the bitcoin network, is there a problem? Should we now start to consider having tools that prevent certain flatpaks from being used on our distros? [1] https://blog.chainalysis.com/reports/2022-crypto-crime-report-introduction/
On 8/17/22 09:08, doug demaio wrote:
Richard Brown wrote:
The only question this incident raises for me is a casual pondering as to whether we will need to treat cryptocurrency tools in a similar way to “hacking” tools, patented codecs, and libdvdcss and keep them out of openSUSE to avoid legal entanglements.
This is a discussion that needs or should happen. Guess I'll start. If I'm running a bitcoin node via flatpak on a Tumbleweed machine and it's processing the less than 1% criminal activity [1] on the bitcoin network, is there a problem? Should we now start to consider having tools that prevent certain flatpaks from being used on our distros?
[1] https://blog.chainalysis.com/reports/2022-crypto-crime-report-introduction/
The question is not whether we should have tools to prevent a certain software to run on openSUSE. That's out of question. We don't have tools to prevent the execution of hacking tools, patented codecs or libdvdcss. We simply don't distribute those. So the question is whether we should distribute a given software (cryptocurrency tools in this case) as part of our distributions. Cheers. -- Ancor González Sosa YaST Team at SUSE Software Solutions
On 2022-08-17 09:08, doug demaio wrote:
Richard Brown wrote:
Just because something is open source doesn’t enable its use to skirt the laws of the lands. And some countries make really stupid laws. And some countries enforce them stupidly. It’s a minefield, but one we navigate daily and have navigated for years.
I can respect that point of view. I don't agree with it. History is filled with reasons for change by those who are labeled rebels; those who did not conform to the stupidity. Whether right or wrong, this mentality creates change needed to not remain stagnant.
The only question this incident raises for me is a casual pondering as to whether we will need to treat cryptocurrency tools in a similar way to “hacking” tools, patented codecs, and libdvdcss and keep them out of openSUSE to avoid legal entanglements.
This is a discussion that needs or should happen. Guess I'll start. If I'm running a bitcoin node via flatpak on a Tumbleweed machine and it's processing the less than 1% criminal activity [1] on the bitcoin network, is there a problem? Should we now start to consider having tools that prevent certain flatpaks from being used on our distros?
[1] https://blog.chainalysis.com/reports/2022-crypto-crime-report-introduction/
That’s not really a relevant question for the openSUSE Project mailing list.
The openSUSE project doesn’t distribute any Flatpaks.
Distributors have responsibilities - as demonstrated by GitHub’s actions fulfilling their obligations under law in this case.
A more relevant question would be “Should we block RPMs, Disk Images, or other media we do build, from OBS/our repos that contain software that is primarily used for activity that the relevant authorities (DE plus UK plus US) consider illegal?”
But I’m not sure that’s even a question that needs answering, obvious established precedent in this Project is “yes”, we don’t allow such software on our infra and we don’t distribute it, even if it’s open source.
And I don’t think we should change that approach. If the laws are wrong, the countries in question need to change them, but that’s a political battle to be conducted on a broad front with broad support.
And I don’t think the large amount of illegal money laundering which the app in question here was clearly used for here really endears it as the rallying call for such a fight.
On Monday, 15 August 2022, 17:47:46 CEST, doug demaio wrote:
Firstly, last week, the United States Treasury’s Office of Foreign Assets Control (OFAC) sanctioned open source software Tornado Cash. Make no mistake, this was a sanctioning of a technology. Writing code is a freedom and we as an open-source community value the freedoms to use, share, study, modify and share code. I don’t believe any of us want these freedoms to be taken away.
Was it really sanction of *technology* and not its *usage*? I don't know, but plans to make a gun on 3D printer could technically also be GPL-licensed OSS, but I can easily imagine its sanctioning... So where is the border?
GitHub removed the account of the code and removed its developers.
Dependency on private company is always risky, isn't it? ;-)
The third event was that Dutch authorities arrested the developer Alexey Pertsev. There is little information about his arrest, but it appears to be done to intimidate developers from expressing their freedom to develop free software.
This seems like strong interpretation. I might be missing something, but would you have any supporting info for this? -- Vojtěch Zeisek https://trapa.cz/ Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/
On Mon 2022-08-15, Carl Symons wrote:
avoid Micro$oft and venture-capital-funded/profit-seeking operations: Github, Gitlab works fine [...]
On Tue 2022-08-16, Vojtěch Zeisek wrote:
Dependency on private company is always risky, isn't it? ;-)
I believe this is missing the point: Whether a company is private or public (Github/Microsoft are public, by the way), or whether it's a company or a foundation or some other form of organization or simply an individual does not matter. What matters is whether there are a legal entity / actual people operating the infrastructure that can receive court orders. I doubt the actual outcome would have been much different had this been the Linux Foundation, Free Software Foundation, FreeBSD Foundation, Apache Foundation,... you name it. Gerald
Vojtěch Zeisek wrote:
On Monday, 15 August 2022, 17:47:46 CEST, doug demaio wrote:
Firstly, last week, the United States Treasury’s Office of Foreign Assets Control (OFAC) sanctioned open source software Tornado Cash. Make no mistake, this was a sanctioning of a technology. Writing code is a freedom and we as an open-source community value the freedoms to use, share, study, modify and share code. I don’t believe any of us want these freedoms to be taken away. Was it really sanction of *technology* and not its *usage*?
"As a result of today’s action, all property and interests in property of the entity above, Tornado Cash, that is in the United States or in the possession or control of U.S. persons is blocked and must be reported to OFAC." This is where GitHub had to act as it is a US company. Full statement is https://home.treasury.gov/news/press-releases/jy0916 SN - the project is saying... https://twitter.com/TornadoCash/status/1557048526986780677?s=20&t=Ikq6EPZJkIqTwkbS2vyUeg
The third event was that Dutch authorities arrested the developer Alexey Pertsev. There is little information about his arrest, but it appears to be done to intimidate developers from expressing their freedom to develop free software. This seems like strong interpretation. I might be missing something, but would you have any supporting info for this?
You can find the official statement about the arrest of the developer from Dutch authorities here. https://www.fiod.nl/arrest-of-suspected-developer-of-tornado-cash/
On 15.08.22 17:47, doug demaio wrote:
Questions Rephrased: 1. Should we begin to think about alternatives to source code hosting services like GitHub and GitLab?
I'd say that's every developer's own decision. Or, to rephrase: who is "we"? And which git repositories does this "we" produce? Fortunately, due to git's inherent distributed approach, if github kicks me out (or just annoys me too much with $WHATEVERTHEYDO), then I just push my repo to some other hosting service, or just host my own git repo server. So for my small, unimportant projects, github.com's free hosting is still "good enough" for me. But yes, I'll certainly look for other options for future projects. Addendum: Because I know it is always possible that $company closes my account for whatever reason, I'm trying to use as little of their "addon cream" as possible. Github issues / ci workflows, whatever? I'm not using it much and thus I will not miss it (or it will be only a minor pain). The "raw" git repo data is what's important for me. And that can easily be pushed anywhere. -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman
participants (15)
- Alberto Planas
- Ancor Gonzalez Sosa
- Axel Braun
- Carl Symons
- doug demaio
- Gerald Pfeifer
- Henne Vogelsang
- Jacob Michalskie
- jdd@dodin.org
- Jim Henderson
- Martin Winter
- Richard Brown
- Simon Lees
- Stefan Seyfried
- Vojtěch Zeisek