Fred,
    Yeah I just googled for Debian [1], Suse [2], Ubuntu [3]. They all
pretty much say the same thing. US Law, blah, blah, blah. Like I said, I am
now 99% sure the whole world is just "doing it wrong" and most entities
(projects, people, companies) are too small for the government to notice.

I also scheduled a call with our legal export team to better understand
this myself. I need to be able to at least describe it to communities,
partners and customers...

Like I said, quay.io can manually turn on an enforcing feature if you need
it. I suspect DockerHub can too...

[1]: Debian: https://www.debian.org/legal/cryptoinmain.en.html
[2]: Suse: https://www.suse.com/company/legal/terms-of-use/
[3]: https://ubuntu.com/legal/ubuntu-advantage-service-terms

Best Regards
Scott M

On Wed, Jun 19, 2019, 6:16 PM Fred Blaise <fbla...@cloudbees.com> wrote:

> Thank you Scott for going the extra mile.
>
> Your answer is what I expected it to be, and I would somehow concur on the
> fact that it's been around forever, but no one ever really cared.
>
> CentOS has them too, as you mentioned: https://www.centos.org/legal/
>
> On Wed, Jun 19, 2019 at 3:45 PM Scott McCarty <scott.mcca...@gmail.com>
> wrote:
>
>> So, I went and did some research on this. Disclaimer, I am not a lawyer,
>> and Red Hat can't give specific legal advice. That said, these export
>> restrictions are in place and applicable no matter which base image you
>> choose/use (Alpine, CentOS, Debian, Ubuntu, etc). Essentially, the law is
>> the same no matter what, and can extend to non-US citizens as well (I
>> remember this from our yearly legal training) which I dread in December :-/
>>
>> The difference here is that the UBI EULA is basically making people pay
>> attention to the problem now. Obviously, Red Hat is not going to be the
>> entity suing you if you break export compliance, it would be the US
>> government.  Apparently, the whole world is "doing this wrong" today and
>> the world hasn't ended. I totally understand your nervousness with seeing
>> this in writing now.
>>
>> I tried to check the DockerHub FAQ [1], but it "looks" like they may only
>> be enforcing export compliance for their own products (they are an entity
>> that might be targeted). We are doing the same thing for quay.io and I
>> could talk to the quay people to have this turned on if you wanted to
>> distribute there (aka then quay.io would block those countries for you).
>> Quay.io has a roadmap item to give people a "check box" to turn this on,
>> but it doesn't exist yet and appears delayed. The short term solution is
>> "ask quay.io to turn it on behind the scenes" - suboptimal, but still
>> good that it's available.
>>
>> [1]: https://docs.docker.com/docker-hub/publish/publisher_faq/
>>
>> Best Regards
>> Scott M
>>
>>
>> On Tuesday, June 18, 2019 at 2:42:00 PM UTC-4, Scott McCarty wrote:
>>>
>>> Oleg & Fred,
>>>      Very good question. I am actually not sure myself, exactly what
>>> these restrictions mean. I am going to run it by one of our lawyers and get
>>> back to you. I will try and get more clarity...
>>>
>>> Best Regards
>>> Scott M
>>>
>>> On Tuesday, June 18, 2019 at 10:00:32 AM UTC-4, Oleg Nenashev wrote:
>>>>
>>>> FTR https://github.com/jenkinsci/docker/pull/826 for CentOS.
>>>>
>>>> Regarding UBI, I have the same concern as Fred. We have no tools to
>>>> enforce the Export limitations on DockerHub. I am also not sure that
>>>> restricting specific countries according to US laws is compliant with how
>>>> the Jenkins open-source project operates. IIRC we used to have contributors
>>>> from the countries restricted by US.
>>>>
>>>> Best regards,
>>>> Oleg
>>>>
>>>>
>>>> On Monday, June 17, 2019 at 7:01:48 PM UTC+2, Fred Blaise wrote:
>>>>>
>>>>> Hi Scott,
>>>>>
>>>>> What do you think of the export restrictions in the EULA? (some ref:
>>>>> https://www.law.cornell.edu/cfr/text/15/740.17)
>>>>>
>>>>> Any chance you could confirm internally with Redhat that UBI is 100%
>>>>> fit for Jenkins open-source?
>>>>>
>>>>> Thank you.
>>>>> Best,
>>>>> fred
>>>>>
>>>>> On Wednesday, May 15, 2019 at 11:14:40 PM UTC+2, Scott McCarty wrote:
>>>>>>
>>>>>> All,
>>>>>>     I saw this thread a while back, but couldn't respond until after
>>>>>> we launched UBI publicly. UBI follows the RHEL lifecycle, but has the
>>>>>> added bonus that 1. new versions come out before CentOS and 2. receives
>>>>>> RHEL updates (exact same RPMS). You can build on think of it as CentOS+
>>>>>> when run anywhere, with the added bonus that it can be run on
>>>>>> RHEL/OpenShift and be fully supported by Red Hat. It's distributed under
>>>>>> a different EULA than other Red Hat which does allow redistribution of Red
>>>>>> Hat trademarks in the content set (YUM/RPMS, images, etc). Also, we will
>>>>>> likely add packages in the future, but will never remove them. Feel free
>>>>>> to ping me if you have any questions (smcc...@redhat.com) or this
>>>>>> email...
>>>>>>
>>>>>>    - https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image
>>>>>>    - https://access.redhat.com/containers/#/product/5c180b28bed8bd75a2c29a63
>>>>>>
>>>>>> Scott M (@fatherlinux)
>>>>>>
>>>>>> On Friday, May 10, 2019 at 4:09:56 AM UTC-4, Oleg Nenashev wrote:
>>>>>>>
>>>>>>> FYI there is a pull request for CentOS image in Jenkins Docker
>>>>>>> packages
>>>>>>> https://github.com/jenkinsci/docker/pull/826
>>>>>>>
>>>>>>> On Wednesday, February 27, 2019 at 5:29:20 PM UTC+1, R Tyler Croy
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> (replies inline)
>>>>>>>>
>>>>>>>> On Wed, 27 Feb 2019, Olblak wrote:
>>>>>>>>
>>>>>>>> > But I am wondering, instead of going with Centos why not using
>>>>>>>> > this PPA <https://launchpad.net/~openjdk-r/+archive/ubuntu/ppa>
>>>>>>>> > with ubuntu?
>>>>>>>> > This would imply a smaller breaking change
>>>>>>>>
>>>>>>>> I do not believe that Jenkins should rely on any PPA (Personal Package
>>>>>>>> Archive), they have a tendency of growing stale unlike mainstream
>>>>>>>> official packages.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> GitHub:  https://github.com/rtyler
>>>>>>>>
>>>>>>>> GPG Key ID: 0F2298A980EE31ACCA0A7825E5C92681BEF6CEA2
>>>>>>>>
>>>>>>> --
>> You received this message because you are subscribed to the Google Groups
>> "Jenkins Developers" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jenkinsci-dev+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-dev/6c0842d2-7e1c-4e00-97a0-3fea4eac979f%40googlegroups.com
>> <https://groups.google.com/d/msgid/jenkinsci-dev/6c0842d2-7e1c-4e00-97a0-3fea4eac979f%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>