Update on some maintainers / contributors.

Patrick Williams patrick at stwcx.xyz
Thu Oct 31 15:31:33 AEDT 2024 

Hello,

This is not a great situation for Open Source as a whole; involving
legal issues and international politics.  Since there has been some
public activity on other Open Source projects, especially the kernel,
it seems like we should be more forward about what is going on.

In early 2022, some of our contributors associated with a specific
company lost access to GitHub.  As a result of this they were unable to
access Gerrit.  Since that time, access has not been restored and they
continue to not be able to contribute to the project or provide feedback
as maintainers on sub-repositories (which some of them were).

I assume the reason those developers had their GitHub accounts
suspended was due to their company's appearance on a US government
sanctions list[1].  Recently, the Linux Kernel has removed a number of
maintainers for seemingly similar reasons.  A good article on the
situation can be found on Phoronix[2].

I have not seen any official/public policy from the Linux Foundation on
this situation, but it appears that high ranking members of the kernel
community decided to act based on some non-public guidance they were given.

The way we are handling the situation is as follows:

   - We use GitHub for authentication to Gerrit and have no plans to
     change from this.  Anyone interacting with the code there will
     need to have GitHub access.  Anyone who has been suspended /
     blocked by GitHub will not be able to interact with the codebase
     by either contributions or reviews.

   - We are not accepting new CCLAs from entities on the sanctions list
     or accepting ICLAs from individuals associated with these
     entities.

   - Maintainers who have lost access to Gerrit are being removed from
     OWNERS files to provide clarity to contributors.  I believe this
     affects one full repository and one meta layer.  I am assigning
     myself as the OWNER of the affected repository to ensure continuity
     of reviews but would greatly appreciate if someone else has an
     interest to take it over.  If the situation changes and the
     previous maintainers are able to resume participation, we can
     restore owner status to them.

   - No change is being implemented to the mailing list or Discord.

I do not have any advice for individual contributors on the project.  If
you have concerns, you may want to seek guidance within your company.

[1]: https://ofac.treasury.gov/faqs/topic/1631
[2]: https://www.phoronix.com/news/Linux-Compliance-Requirements

-- 
Patrick Williams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20241031/e7f6dae7/attachment-0001.sig>

More information about the openbmc mailing list