If Amelkin works for YADRO, could he not know his company got sanctioned? It's a pretty big thing to happen, and judging from his LinkedIn comments, he knows it. Yet he writes the suspension was "without any explanation whatsoever". I think he knows the explanation, he doesn't like it but it's no mystery to anyone.
That's very interesting: I'm not sure how to feel about this. On one hand, it aligns with my ethics to shut down the operations of sanctioned companies to minimize their harm. On the other,
1. Ethics are relative
2. Should open-source contributions be dependent on such ethics?
On (1), I'm sure non-Americans would have ethical qualms with our Defense companies. Would I be okay with the hypothetical of letting a non-American company stop open-source development on a useful Lockheed Martin tool?
On (2), I have personally seen open-source contributions from sanctioned companies, e.g. Megvii. Is it fair to ban those employees (who may simply be unwilling to go through the hoops of immigration)?
As an aside, perhaps this repo could move to GNU Savannah?
> On one hand, it aligns with my ethics to shut-down the operations of sanctioned companies to minimize their harm.
Only if the sanctions are warranted by ethics. Which they are not, in this case - there isn't anything online I can find which supports sanctioning this specific company.
This is a repeating pattern in this conflict: even without substantial or even circumstantial proof that a Russian company benefits from or at least tolerates the war, in the event Ukraine tells us to sanction the respective company, we have to obey or else.
What do we expect? Should all Russian companies shut down because of the war? Would this be what we expect from all western companies, like when we attacked Iraq because of Weapons of Mass Destruction?
This is slowly really getting ridiculous. Even more so if this opens up an attack vector from even more non-friendlies because of an orphaned GitHub account.
I suppose this is due to economic sanctions, but of course there's also the infosec concern.
Much of "tech" right now is still cavalier about software provenance in general. And IPMI is one of the more sensitive points.
I have pretty warm-fuzzy aspirations about open source at its best: being a collective effort, of people of goodwill, around the world, working together, for the benefit of all.
It's tragic that our world has so much conflict, aggression, inequity, and other ills. Open source is one place that we've sometimes formed bridges despite this, but it's not entirely immune to the larger world problems.
How did we allow Microsoft to have so much power over open source software that it can decide who gets to publish and who can't?
Instead of "liberating" social media (sorry, Twitter) from corporate fascism we should've built an open platform resilient against corporate takeovers.
Russia, time to create a github for people by the people.
The fallout1-ce and fallout2-ce repos got archived fairly recently as well. Looking at the owner's name made me concerned that exactly this was happening.
These, to put it mildly, not very smart people have opened a Pandora's box and if they do not understand this in their blind anger, desire to please or arrogance, then I sincerely feel sorry for them and in general the entire open source community that somehow depends on GitHub.
https://home.treasury.gov/policy-issues/financial-sanctions/...
> https://github.com/ipmitool/ipmitool/search?q=YADRO
When you're in GitHub's position, how does your SBOM vulnerability management program handle it when you imperil your own infrastructure?
https://docs.gitea.io/en-us/repo-mirror/#pulling-from-a-remo...
And when there are other contributors, a local copy is not guaranteed to be up to date unless you yourself are actively contributing as well.