mxnet-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vishaal Kapoor <vkapoor3...@gmail.com>
Subject Re: [DISCUSS] Deprecating and Forbidding Terraform and Other Services by HashiCorp in MXNet
Date Sun, 31 May 2020 21:39:35 GMT
Hey folks,

Slack is also not available in all countries. Maybe this is something to
consider?

Just in case anyone didn't see this, it's Mitchell Hashimoto's response.
Take it as you will on item 5. I'm just including it here for information.
https://news.ycombinator.com/item?id=23349635


mitchellh <https://news.ycombinator.com/user?id=mitchellh> 2 days ago
<https://news.ycombinator.com/item?id=23351181> [–]

Hello, I'm a founder of HashiCorp and I'd like to explain this.

First, this document only applies to enterprise evaluation software. This
doesn't apply to our OSS software and this shouldn't be linked anywhere
near our OSS except in the context of signing up for an enterprise eval.

Most importantly: why is this here? This is NOT a political statement. This
is a legal requirement. The encryption we use in Vault is subject to
Chinese export control laws and it is illegal for us (by Chinese law) to
sell in China.

To be able to sell Vault within China we'd have to restrict the encryption
that could be used within Vault to government-acceptable versions.

We don't do this, therefore it is illegal for us to sell in China. We have
to include this line in our enterprise terms.

EDIT: Our legal team has updated the copy in our terms to be more explicit.
You can read the updated copy in the second paragraph here:
https://www.hashicorp.com/terms-of-evaluation

*reply
<https://news.ycombinator.com/reply?id=23351181&goto=item%3Fid%3D23349635%2323351181>*

Kind regards,
Vishaal

On Sun, May 31, 2020 at 11:48 AM Tianqi Chen <tqchen@cs.washington.edu>
wrote:

> I am just trying to send a note about the principle, not trying to give any
> opinions about X should do Y.
>
> See also the explaination in the annotated version
> https://opensource.org/osd-annotated
>
> Given that particular part of the code is not linked/distribute by the
> Apache project, we might be fine.
> I think it is important to not having an opinion here and use the principle
> to enable maximum collaboration as in the osd principal.
>
> The challenge here is not really about we think, but what the community
> members thinks and our willingness to find a resolution. Again I am not
> suggesting any action here, but just to reflect on the principle
>
> TQ
>
>
> On Sun, May 31, 2020 at 11:28 AM Marco de Abreu <marco.g.abreu@gmail.com>
> wrote:
>
> > Tianqi, I think that statement can go in both directions. The Chinese
> > government is actively restricting companies from operating if they do
> not
> > cooperate with the government and weaken their security. Thus, I would
> not
> > consider HashiCorp to be actively discriminating here.
> >
> > From that point on it's political and since the policy does not apply to
> > us, I think it's better to close the discussion here.
> >
> > -Marco
> >
> > Tianqi Chen <tqchen@cs.washington.edu> schrieb am So., 31. Mai 2020,
> > 19:38:
> >
> > > https://opensource.org/docs/osd
> > > > 5. No Discrimination Against Persons or Groups
> > >
> > > It would be useful to focus on ^ principles, and focus on building
> better
> > > software together.
> > >
> > > TQ
> > >
> > > On Sun, May 31, 2020 at 9:33 AM Sheng Zha <zhasheng@apache.org> wrote:
> > >
> > > > Hi Marco,
> > > >
> > > > At the time I started the thread, the specific term related to China
> > > reads
> > > > as follows:
> > > >
> > > > PLEASE NOTE THAT THE SOFWARE MAY NOT BE USED, DEPLOYED, OR INSTALLED
> IN
> > > > THE PEOPLE'S REPUBLIC OF CHINA. [1]
> > > >
> > > > My concern with the above clause is that it starts the practice of
> > > > HashiCorp targeting a group of the community resides in a specific
> > > region.
> > > > I'm worried that they could change terms of use at any moment that
> > could
> > > > render the normal usage illegal and our community members liable.
> > > >
> > > > The situation has changed as HashiCorp indeed revised the specific
> > clause
> > > > to include only Vault enterprise version. From the reply I think you
> > only
> > > > read the updated version. Since the current version of their term of
> > use
> > > > doesn't affect our project anymore, I'm OK to leave it as is.
> > > >
> > > > -sz
> > > >
> > > > [1]
> https://pbs.twimg.com/media/EZLJJwjUYAM8Xk-?format=jpg&name=large
> > > >
> > > > On 2020/05/31 09:58:08, Marco de Abreu <marco.g.abreu@gmail.com>
> > wrote:
> > > > > The statement is specifically about HashiCorp Vault enterprise
> > edition
> > > -
> > > > > speak a single module of their enterprise suite which is about
> > > credential
> > > > > encryption.
> > > > >
> > > > > I didn't read further, but my first guess is that they are not
> > offering
> > > > it
> > > > > in China since the Chinese government - as far as I can recall -
is
> > > > > restricting the usage of encryption methods to those, which they
> > > consider
> > > > > weak and exploitable.
> > > > >
> > > > > From that point on, it becomes more a political question. I
> > personally
> > > am
> > > > > quite concerned about a government using their power to undermine
> > > > security
> > > > > of software.
> > > > >
> > > > > Since this statement is only about vault enterprise edition and
> we're
> > > not
> > > > > using vault at all, I'd leave it as is. Supporting such a horrible
> > > > practice
> > > > > by "boycotting" HashiCorp in general would send the wrong signals
> > from
> > > > an
> > > > > open source communities point of view.
> > > > >
> > > > > -Marco
> > > > >
> > > > > Sheng Zha <zhasheng@apache.org> schrieb am So., 31. Mai 2020,
> 05:08:
> > > > >
> > > > > > Dear community,
> > > > > >
> > > > > > Yesterday, HashiCorp added to their terms of evaluation the
> clause
> > > that
> > > > > > forbids usage of the enterprise version of any HashiCorp software
> > in
> > > > the
> > > > > > People's Republic of China [1]. While this does not affect the
> > usage
> > > > of the
> > > > > > community version, it does signal the potential legal risk to
> many
> > of
> > > > our
> > > > > > community members in China. In light of this recent development,
> > I'm
> > > > > > initiating discussion on deprecating the usage of HashiCorp
> > software
> > > > and
> > > > > > services and forbidding their usage in MXNet infrastructure
until
> > > > situation
> > > > > > changes.
> > > > > >
> > > > > > I believe that the community cannot be traded for the
> technological
> > > > > > convenience. Currently, we have part of our CI and GitHub
> labeling
> > > > robot
> > > > > > bootstrapping logic that relies on Terraform, a service provided
> by
> > > > > > HashiCorp [2]. Since all its usage that I found are for
> > bootstrapping
> > > > on
> > > > > > AWS, replacing them with CloudFormation is feasible and likely
> > > > > > straightforward.
> > > > > >
> > > > > > Your input is appreciated.
> > > > > >
> > > > > > Regards,
> > > > > > Sheng
> > > > > >
> > > > > > [1] https://www.hashicorp.com/terms-of-evaluation
> > > > > > [2]
> > > > > >
> > > >
> > >
> >
> https://github.com/apache/incubator-mxnet-ci/search?q=terraform&unscoped_q=terraform
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message