The CNCF has delicately stepped into the controversy over Chinese networking-to-everything giant Huawei, after Donald Trump’s move to isolate the would-be 5G leader.
The problem is the US’s May addition of Huawei to its “Entity List” because “The U.S. Government has determined that there is reasonable cause to believe that Huawei has been involved in activities contrary to the national security or foreign policy interests of the United States.”
This has spooked tech vendors, including Facebook and Google, with Google declaring it would not share Android updates with Huawei. ARM, which is pretty central to the mobile chips market, has also said it will suspend cooperation with Huawei, as have a host of other tech companies. In fact, just the sort of companies you see on the membership roster of groups like the CNCF and its parent org the Linux Foundation.
For its part, the CNCF appears to have said it will continue to cooperate with Huawei, essentially because there are no secrets in the CNCF world.
In a blog post yesterday, CNCF executive director Dan Kohn reiterated that “Design, discussions, and decision-making around technical topics of CNCF-hosted projects should occur in public view.” This covers GitHub issues and pull requests, public Google Docs, public mailing lists, he continued, and “conference calls at which anyone may participate (and which are normally published afterward on YouTube), and in-person meetings at KubeCon + CloudNativeCon and similar events.”
This was “particularly important in light of the Linux Foundation’s (revised) Statement on the Huawei Entity List Ruling.”
Kohn wrote that this openness “affords us exceptions to regulations other closed organizations may have to address differently.”
“Openness is particularly important in any discussions involving encryption since encryption technologies can be subject to Export Administration Regulations,” he said.
The Linux Foundation’s statement in May noted that “Open source encryption software source code was reclassified by the US Department of Commerce, Bureau of Industry and Security (BIS) effective September 20, 2016 as “publicly available” and no longer “subject to the EAR.”
That last line might send a shiver of older readers’ spines, as they cast their minds back to the days when they had to be mindful of cold war era export controls covering encryption technology in particular, and computing gear in general.
Both the Linux Foundation and CNCF are in a very delicate position on this. Huawei is a Platinum member of both organisations of the Linux Foundation, meaning combined dues of the better part of a million dollars, before taking into account sponsorship at events, and other ways it contributes.