I am just trying to send a note about the principle, not trying to give any opinions about X should do Y.
See also the explaination in the annotated version https://opensource.org/osd-annotated Given that particular part of the code is not linked/distribute by the Apache project, we might be fine. I think it is important to not having an opinion here and use the principle to enable maximum collaboration as in the osd principal. The challenge here is not really about we think, but what the community members thinks and our willingness to find a resolution. Again I am not suggesting any action here, but just to reflect on the principle TQ On Sun, May 31, 2020 at 11:28 AM Marco de Abreu <marco.g.ab...@gmail.com> wrote: > Tianqi, I think that statement can go in both directions. The Chinese > government is actively restricting companies from operating if they do not > cooperate with the government and weaken their security. Thus, I would not > consider HashiCorp to be actively discriminating here. > > From that point on it's political and since the policy does not apply to > us, I think it's better to close the discussion here. > > -Marco > > Tianqi Chen <tqc...@cs.washington.edu> schrieb am So., 31. Mai 2020, > 19:38: > > > https://opensource.org/docs/osd > > > 5. No Discrimination Against Persons or Groups > > > > It would be useful to focus on ^ principles, and focus on building better > > software together. > > > > TQ > > > > On Sun, May 31, 2020 at 9:33 AM Sheng Zha <zhash...@apache.org> wrote: > > > > > Hi Marco, > > > > > > At the time I started the thread, the specific term related to China > > reads > > > as follows: > > > > > > PLEASE NOTE THAT THE SOFWARE MAY NOT BE USED, DEPLOYED, OR INSTALLED IN > > > THE PEOPLE'S REPUBLIC OF CHINA. [1] > > > > > > My concern with the above clause is that it starts the practice of > > > HashiCorp targeting a group of the community resides in a specific > > region. > > > I'm worried that they could change terms of use at any moment that > could > > > render the normal usage illegal and our community members liable. > > > > > > The situation has changed as HashiCorp indeed revised the specific > clause > > > to include only Vault enterprise version. From the reply I think you > only > > > read the updated version. Since the current version of their term of > use > > > doesn't affect our project anymore, I'm OK to leave it as is. > > > > > > -sz > > > > > > [1] https://pbs.twimg.com/media/EZLJJwjUYAM8Xk-?format=jpg&name=large > > > > > > On 2020/05/31 09:58:08, Marco de Abreu <marco.g.ab...@gmail.com> > wrote: > > > > The statement is specifically about HashiCorp Vault enterprise > edition > > - > > > > speak a single module of their enterprise suite which is about > > credential > > > > encryption. > > > > > > > > I didn't read further, but my first guess is that they are not > offering > > > it > > > > in China since the Chinese government - as far as I can recall - is > > > > restricting the usage of encryption methods to those, which they > > consider > > > > weak and exploitable. > > > > > > > > From that point on, it becomes more a political question. I > personally > > am > > > > quite concerned about a government using their power to undermine > > > security > > > > of software. > > > > > > > > Since this statement is only about vault enterprise edition and we're > > not > > > > using vault at all, I'd leave it as is. Supporting such a horrible > > > practice > > > > by "boycotting" HashiCorp in general would send the wrong signals > from > > > an > > > > open source communities point of view. > > > > > > > > -Marco > > > > > > > > Sheng Zha <zhash...@apache.org> schrieb am So., 31. Mai 2020, 05:08: > > > > > > > > > Dear community, > > > > > > > > > > Yesterday, HashiCorp added to their terms of evaluation the clause > > that > > > > > forbids usage of the enterprise version of any HashiCorp software > in > > > the > > > > > People's Republic of China [1]. While this does not affect the > usage > > > of the > > > > > community version, it does signal the potential legal risk to many > of > > > our > > > > > community members in China. In light of this recent development, > I'm > > > > > initiating discussion on deprecating the usage of HashiCorp > software > > > and > > > > > services and forbidding their usage in MXNet infrastructure until > > > situation > > > > > changes. > > > > > > > > > > I believe that the community cannot be traded for the technological > > > > > convenience. Currently, we have part of our CI and GitHub labeling > > > robot > > > > > bootstrapping logic that relies on Terraform, a service provided by > > > > > HashiCorp [2]. Since all its usage that I found are for > bootstrapping > > > on > > > > > AWS, replacing them with CloudFormation is feasible and likely > > > > > straightforward. > > > > > > > > > > Your input is appreciated. > > > > > > > > > > Regards, > > > > > Sheng > > > > > > > > > > [1] https://www.hashicorp.com/terms-of-evaluation > > > > > [2] > > > > > > > > > > > https://github.com/apache/incubator-mxnet-ci/search?q=terraform&unscoped_q=terraform > > > > > > > > > > > > > > > > > > > >
