So, I went and did some research on this. Disclaimer, I am not a lawyer, and Red Hat can't give specific legal advice. That said, these export restrictions are in place and applicable no matter which base image you choose/use (Alpine, CentOS, Debian, Ubuntu, etc). Essentially, the law is the same no matter what, and can extend to non-US citizens as well (I remember this from our yearly legal training) which I dread in December :-/
The difference here is that the UBI EULA is basically making people pay attention to the problem now. Obviously, Red Hat is not going to be the entity suing you if you break export compliance, it would be the US government. Apparently, the whole world is "doing this wrong" today and the world hasn't ended. I totally understand your nervousness with seeing this in writing now. I tried to check the DockerHub FAQ [1], but it "looks" like they may only be enforcing export compliance for their own products (they are an entity that might be targeted). We are doing the same thing for quay.io and I could talk to the quay people to have this turned on if you wanted to distribute there (aka then quay.io would block those countries for you). Quay.io has a roadmap item to give people a "check box" to turn this on, but it doesn't exist yet and appears delayed. The short term solution is "ask quay.io to turn it on behind the scenes" - sub optimal, but still good that it's available. [1]: https://docs.docker.com/docker-hub/publish/publisher_faq/ Best Regards Scott M On Tuesday, June 18, 2019 at 2:42:00 PM UTC-4, Scott McCarty wrote: > > Oleg & Fred, > Very good question. I am actually not sure myself, exactly what these > restrictions mean. I am going to run it by one of our lawyers and get back > to you. I will try and get more clarity... > > Best Regards > Scott M > > On Tuesday, June 18, 2019 at 10:00:32 AM UTC-4, Oleg Nenashev wrote: >> >> FTR https://github.com/jenkinsci/docker/pull/826 for CentOS. >> >> Regarding UBI, I have the same concern as Fred. We have no tools to >> enforce the Export limitations on DockerHub. I am also not sure that >> restricting specific countries according to US laws is compliant with how >> the Jenkins open-source project operates. IIRC we used to have contributors >> from the countries restricted by US. >> >> Best regards, >> Oleg >> >> >> On Monday, June 17, 2019 at 7:01:48 PM UTC+2, Fred Blaise wrote: >>> >>> Hi Scott, >>> >>> What do you think of the export restrictions in the EULA? (some ref: >>> https://www.law.cornell.edu/cfr/text/15/740.17) >>> >>> Any chance you could confirm internally with Redhat that UBI is 100% fit >>> for Jenkins open-source? >>> >>> Thank you. >>> Best, >>> fred >>> >>> On Wednesday, May 15, 2019 at 11:14:40 PM UTC+2, Scott McCarty wrote: >>>> >>>> All, >>>> I saw this thread a while back, but couldn't respond until after we >>>> launched UBI publicly. UBI follows the RHEL lifecycle, but has the added >>>> bonus that 1. new versions come out before CentOS and 2. receives RHEL >>>> updates (exact same RPMS). You can build on think of it as CentOS+ when >>>> ran >>>> anywhere, with the added bonus that it can be run on RHEL/OpenShift and be >>>> fully supported by Red Hat. It's distributed under a different EULA than >>>> other Red Hat which does allow redistribution of Red Hat trademarks in the >>>> content set (YUM/RPMS, images, etc). Also, we will likely add packages in >>>> the future, but will never remove them. Feel free to ping me if you have >>>> any questions ([email protected]) or this email... >>>> >>>> - >>>> >>>> >>>> https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image >>>> - >>>> >>>> >>>> https://access.redhat.com/containers/#/product/5c180b28bed8bd75a2c29a63 >>>> >>>> Scott M (@fatherlinux) >>>> >>>> On Friday, May 10, 2019 at 4:09:56 AM UTC-4, Oleg Nenashev wrote: >>>>> >>>>> FYI there is a pull request for CentOS image in Jenkins Docker packages >>>>> https://github.com/jenkinsci/docker/pull/826 >>>>> >>>>> On Wednesday, February 27, 2019 at 5:29:20 PM UTC+1, R Tyler Croy >>>>> wrote: >>>>>> >>>>>> (replies inline) >>>>>> >>>>>> On Wed, 27 Feb 2019, Olblak wrote: >>>>>> >>>>>> > But I am wondering, instead of going with Centos why not using this >>>>>> PPA <https://launchpad.net/~openjdk-r/+archive/ubuntu/ppa> with >>>>>> ubuntu? >>>>>> > This would imply a smaller breaking change >>>>>> >>>>>> I do not believe that Jenkins should rely on any PPA (Personal >>>>>> Package >>>>>> Archive), they have a tendency of growing stale unlike mainstream >>>>>> official >>>>>> packages. >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> GitHub: https://github.com/rtyler >>>>>> >>>>>> GPG Key ID: 0F2298A980EE31ACCA0A7825E5C92681BEF6CEA2 >>>>>> >>>>> -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/6c0842d2-7e1c-4e00-97a0-3fea4eac979f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
