mxnet-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tianqi Chen <tqc...@cs.washington.edu>
Subject Re: [DISCUSS] Deprecating and Forbidding Terraform and Other Services by HashiCorp in MXNet
Date Sun, 31 May 2020 17:37:30 GMT
https://opensource.org/docs/osd
> 5. No Discrimination Against Persons or Groups

It would be useful to focus on ^ principles, and focus on building better
software together.

TQ

On Sun, May 31, 2020 at 9:33 AM Sheng Zha <zhasheng@apache.org> wrote:

> Hi Marco,
>
> At the time I started the thread, the specific term related to China reads
> as follows:
>
> PLEASE NOTE THAT THE SOFWARE MAY NOT BE USED, DEPLOYED, OR INSTALLED IN
> THE PEOPLE'S REPUBLIC OF CHINA. [1]
>
> My concern with the above clause is that it starts the practice of
> HashiCorp targeting a group of the community resides in a specific region.
> I'm worried that they could change terms of use at any moment that could
> render the normal usage illegal and our community members liable.
>
> The situation has changed as HashiCorp indeed revised the specific clause
> to include only Vault enterprise version. From the reply I think you only
> read the updated version. Since the current version of their term of use
> doesn't affect our project anymore, I'm OK to leave it as is.
>
> -sz
>
> [1] https://pbs.twimg.com/media/EZLJJwjUYAM8Xk-?format=jpg&name=large
>
> On 2020/05/31 09:58:08, Marco de Abreu <marco.g.abreu@gmail.com> wrote:
> > The statement is specifically about HashiCorp Vault enterprise edition -
> > speak a single module of their enterprise suite which is about credential
> > encryption.
> >
> > I didn't read further, but my first guess is that they are not offering
> it
> > in China since the Chinese government - as far as I can recall - is
> > restricting the usage of encryption methods to those, which they consider
> > weak and exploitable.
> >
> > From that point on, it becomes more a political question. I personally am
> > quite concerned about a government using their power to undermine
> security
> > of software.
> >
> > Since this statement is only about vault enterprise edition and we're not
> > using vault at all, I'd leave it as is. Supporting such a horrible
> practice
> > by "boycotting" HashiCorp in general would send the wrong signals  from
> an
> > open source communities point of view.
> >
> > -Marco
> >
> > Sheng Zha <zhasheng@apache.org> schrieb am So., 31. Mai 2020, 05:08:
> >
> > > Dear community,
> > >
> > > Yesterday, HashiCorp added to their terms of evaluation the clause that
> > > forbids usage of the enterprise version of any HashiCorp software in
> the
> > > People's Republic of China [1]. While this does not affect the usage
> of the
> > > community version, it does signal the potential legal risk to many of
> our
> > > community members in China. In light of this recent development, I'm
> > > initiating discussion on deprecating the usage of HashiCorp software
> and
> > > services and forbidding their usage in MXNet infrastructure until
> situation
> > > changes.
> > >
> > > I believe that the community cannot be traded for the technological
> > > convenience. Currently, we have part of our CI and GitHub labeling
> robot
> > > bootstrapping logic that relies on Terraform, a service provided by
> > > HashiCorp [2]. Since all its usage that I found are for bootstrapping
> on
> > > AWS, replacing them with CloudFormation is feasible and likely
> > > straightforward.
> > >
> > > Your input is appreciated.
> > >
> > > Regards,
> > > Sheng
> > >
> > > [1] https://www.hashicorp.com/terms-of-evaluation
> > > [2]
> > >
> https://github.com/apache/incubator-mxnet-ci/search?q=terraform&unscoped_q=terraform
> > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message