As a finn, I understand that there are probably legal reasons for doing this.
I just wish they would be transparent and share those reasons with us. The Linux kernel is certainly not the only free software project that is impacted, if this comes straight from EU/US sanctions. Maintainers of other projects have a lot of interest in what is happening.
Transparency is also important because if EU/US policy/sanctions are causing issues for free software projects, then that discussion needs to be public, so that there is a chance to amend the policies if necessary.
The legal reasons was because the Linux Foundation is based in the USA and the targeted devs worked for companies explicitly sanctioned by the USA. Linus said he knew and trusted the devs he was forced to delist.
The Linux Foundation needs to relocate to some stable neutral country like Switzerland.
Switzerland is controlled by the US
Suggest a country then
We’re gonna start seeing large open source communities start to break into smaller ones because of sanctions from now aren’t we?
You don’t need sanctions. I’ve seen you petty fucks fork projects over a font.
They’ll fight over fonts meanwhile WordPress is on fire and where are the forks?
Or a name
BringFork out the GIMP!gimp-qt
:3
This sets such a bad precedent…
The bad precedent was starting a war
Yeah I’m sure the maintainers are in talks with Putin directly
Removed by mod
If/when the Russian government comes knocking on their door and tells them that they need to do x, y, and z with the kernel
CIA could do that too.
Ah yes. The Finnish CIA.
They have one?
Any moderator want to actually let me know why my comment was removed, or…?
Is pointing out the dangers of working in an autocratic nation against the rules?
I can see the comment dude.
Arguably, ITAR set the precedent in the 1990’s during the crypto wars. USians used to have to travel to Canada to work on cryptographic code in OpenBSD because their commits couldn’t legally be exported.
This article gives a good discussion about a potential coming East/West political split in the world of FOSS.
https://thenewstack.io/avoiding-a-geopolitical-open-source-apocalypse/
Free as in… obeys US foreign policy
I’m pretty sure not just the US wants Russia sanctioned to the oblivion. All of the Europe that borders Russia wants that. Now why would it be like that?
It makes no sense to discuss here.They probably follow Russia’s narrative of Europe being a puppet of the US.
In the article, Linus explicitly said that it’s not just a US thing:
And FYI for the actual innocent bystanders who aren’t troll farm accounts - the “various compliance requirements” are not just a US thing.
That’s more like his opinion or a post facto justification. Turns out it is a US thing.
If your company is on the U.S. OFAC SDN lists, subject to an OFAC sanctions program, or owned/controlled by a company on the list, our ability to collaborate with you will be subject to restrictions, and you cannot be in the MAINTAINERS file.
So to get back, you have to basically prove that you have no relations with OFAC SDN companies.
This update is from https://lwn.net/Articles/995186/
Shit like this is why I use the most generic yankee cowboy aliases online.
Everyone who disagrees with me is a paid russian troll of course. Nobody would oppose blacklisting people based on nothing but their nationality unless they were getting paid for it.
I guess it’s difficult to otherwise explain the position you have? It’s not like people face criminal charges in Russia just for speaking against it. It’s easy to see how the state would want to introduce backdoors to most western systems.
It’s extremely sad that a lot of good Russians get swooped in this. But even abroad their lives are in danger to fight the state.
I doubt if someone wants to introduce a backdoor, they would do that with a russian mailing address. People removed were open and transparent about their nationalities which means there is even less chance them being bad actors than some random guy pretending to be American.
Aren’t the removed commiters with direct access to the kernel? It’s not like it’s some rando that makes pull requests.
deleted by creator
I think you’re making up a world in your head. Who are these “lots” of “good” Russians who are abroad and whose lives are in realistically danger of state assassination? Not that it has never happened, but you’re blowing things out of proportion. Probably Russia does it at a scale roughly similar to the US.
I think you’re making up a world in your head.
My friend, they poisoned people in the UK with a fucking nerve agent. They are so brazen and open about people being killed for not doing that the Kremlin tells them.
They have purposely made a meme out of the “suspiciously fell from window” thing, because they want people to know exactly what happens and why.
Nerve agents compared to drone strikes look humane and civilized.
Disagree. Chemical warfare is an entirely different beast.
We’re talking about poisoning a single person not a gas cloud. Poisoning a single person vs drone striking a wedding.
they poisoned people in the UK with a fucking nerve agent.
Yes, they did. How often is that happening? Proportion.
We’re not talking about taking out former spies in foreign, sovereign nations you dolt. I used that as an example to show just how brazen and open they are about this stuff. Using such a dangerous method, on foreign soil, is basically unheard of.
If you actually want to talk about frequency, we should be looking at the defenestration cases…
This shit is happening so frequently that there are several wiki pages dedicated to listing them:
https://en.wikipedia.org/wiki/Suspicious_deaths_of_notable_Russians_in_2022
Scroll down to “see also” for a long list of related articles about the Russian government assassinating citizens and low-level bureaucrats.
Assuming you actually give a shit
EDIT: apparently Lemmy markdown doesn’t like the link. For anyone who can’t figure out why it’s not working, or for some weird reason thinks I would make up a wiki page with a title that specific:
Suspicious deaths of notable Russians in 2022–2024
And, again, after checking out the main article, take a look at the “see also” section.
Wikipedia does not have an article with this exact name.
In any case, the defenestrations I’ve heard of have been within Russia, not outside it.
Using such a dangerous method, on foreign soil, is basically unheard of.
Not unheard of. US drone strikes on US citizens is a no-less dangerous a method.
It’s almost as if the markdown on Lemmy changed the text of the link so it’s not valid.
And you couldn’t take the 3 second to fix it, and then actually learn something.
Well done.
You also seem confused about what we are even talking about. We are referring to software developers WITHIN RUSSIA. So the risk of defenestration is very real. Again, to repeat myself, I only brought up Russia using chemical warfare on foreign soil as an example to show how open and brazen they are.
I edited the original comment with a fixed link if you actually care
Very nice link that not only does not have a list of names but also fairly explicitly explains that it is not talking about Americans killing Americans.
I am not going to spend more than 30 seconds on it but here is the first list of “lots” of Russians that are believed to have been assassinated by their own government.
https://en.m.wikipedia.org/wiki/Suspicious_deaths_of_notable_Russians_in_2022–2024
Despite your personal attacks, the trivially discoverable facts are not on your side.
I used Wikipedia since you apparently find it credible.
My favourite “suicide” of a notable Russian in the last couple of years was the one that had a suicide note signed by “illegible signature” ( what it actually said ). I guess the FSB did not totally understand the instructions.
Indeed A LOT of falling out of windows. Quite a bit of poisoning as well. These are the successful ones. How about that time they poisoned the entire Ukrainian peace team including the owner of the Chelsea Football Club?
That’s true, as he said just use your brain, Russia is under sanctions he literally said that, so Russian troll is a actually very accuracy
“The imperial core is sanctioning Russia therefore you are a Russian troll.” Impeccable logic.
He’s gonna ban american and “israeli” maintainers too then, I guess?
Why? There aren’t any sanctions for them in Finland?
Linus said it was to prevent security backdoors.
It can be two things.
He alludes to sanctions being a factor but never clarifies on advice from his lawyers. ngl I don’t like the look of it just from a transparency perspective.
Probably because the advice in question was lengthy and technical (subtype: laws and legality), and the short form had the disclaimer "Please don’t publish the short form because it’s too much like giving legal advice.) Something similar happened back in 2012 with Project Byzantium, when we were consulting with the EFF with respect to having cryptographic libraries included in the distro.
Hey - an explanation. Who’da’thunk it?
Shame to see this shit from torvalds
deleted by creator
Hm i never coded a line in my life, but i always wondered so honest question to the experts here: is it realistic that someone codes security back doors so hidden in other bad or wrong documented code, that nobody recognizes it in OSS community? I mean code is getting more complicated and specialized, dont you need more and more human resources (more than one person and hopefully not all with a bad intention) to check over that code? If im correct you shouldnt let more code into your software than the community is able to check an validate several times… Doesnt mean it has to be russians that need to be excluded idk
Yes, not only is it realistic, it has actually happened. It’s easier to write code than understand it. Even when reviewing code, you miss more or less obvious issues. Not to mention intentional vulnerabilities that can be sneaked in over multiple commits and time span long enough to make reviewers forget the larger context.
There will be a million security issues across all OSS. Some of it will be intentional; if so definitely don’t expect it to be a “findable” back door. It will be a set of vulnerabilities across several projects, that when combined allow the perpetrators privilege-escalations or a known path through a security system. Removing “Russians” from contribution doesn’t actually stop that, everyone can use a VPN and work as an American or whatever, but it does send a signal.
Interesting answers, thanks!
This might not be super useful if you don’t write code but I always found the contest submissions fun to read and try to figure out for the https://www.underhanded-c.org/ contest.
They break down and explain the runner up and finalist for each year and how the attack works. It’s usually something very subtle that most people wouldn’t catch.
fremdscham++
😬Removed by mod
are the tankies in the room with us right now
Lemmy was built by communists. you would be better served by going back to Reddit.
Removed by mod
Based Linus as always