• ouch@lemmy.world
    70 up, 3 down · 7 days ago

    As a Finn, I understand that there are probably legal reasons for doing this.

    I just wish they would be transparent and share those reasons with us. The Linux kernel is certainly not the only free software project that is impacted, if this comes straight from EU/US sanctions. Maintainers of other projects have a lot of interest in what is happening.

    Transparency is also important because if EU/US policy/sanctions are causing issues for free software projects, then that discussion needs to be public, so that there is a chance to amend the policies if necessary.

    • sudo@programming.dev
      9 up, 2 down · 6 days ago

      The legal reason was because the Linux Foundation is based in the USA and the targeted devs worked for companies explicitly sanctioned by the USA. Linus said he knew and trusted the devs he was forced to delist.

      The Linux Foundation needs to relocate to some stable neutral country like Switzerland.

  • Arcturus@lemmy.dbzer0.com
    61 up, 10 down · 7 days ago

    We’re gonna start seeing large open source communities start to break into smaller ones because of sanctions from now on, aren’t we?

  • NauticalNoodle@lemmy.ml
    30 up, 7 down · 7 days ago

    He alludes to sanctions being a factor but never clarifies on advice from his lawyers. ngl I don’t like the look of it just from a transparency perspective.

    • The Doctor@beehaw.org
      English · 8 up · 7 days ago

      Probably because the advice in question was lengthy and technical (subtype: laws and legality), and the short form had the disclaimer "Please don’t publish the short form because it’s too much like giving legal advice." Something similar happened back in 2012 with Project Byzantium, when we were consulting with the EFF with respect to having cryptographic libraries included in the distro.

  • boincboy3000@feddit.org
    Deutsch · 4 up, 1 down · 7 days ago

    Hm, I never coded a line in my life, but I always wondered, so honest question to the experts here: is it realistic that someone codes security back doors so hidden in other bad or wrongly documented code that nobody recognizes it in the OSS community? I mean, code is getting more complicated and specialized, don’t you need more and more human resources (more than one person and hopefully not all with a bad intention) to check over that code? If I’m correct, you shouldn’t let more code into your software than the community is able to check and validate several times… Doesn’t mean it has to be Russians that need to be excluded, idk

    • ouch@lemmy.world
      20 up · 7 days ago

      Yes, not only is it realistic, it has actually happened. It’s easier to write code than understand it. Even when reviewing code, you miss more or less obvious issues. Not to mention intentional vulnerabilities that can be sneaked in over multiple commits and a time span long enough to make reviewers forget the larger context.

    • sunbeam60@lemmy.one
      6 up · 7 days ago

      There will be a million security issues across all OSS. Some of it will be intentional; if so definitely don’t expect it to be a “findable” back door. It will be a set of vulnerabilities across several projects, that when combined allow the perpetrators privilege-escalations or a known path through a security system. Removing “Russians” from contribution doesn’t actually stop that, everyone can use a VPN and work as an American or whatever, but it does send a signal.

      • BlackAura@lemmy.world
        3 up · 7 days ago

        This might not be super useful if you don’t write code but I always found the contest submissions fun to read and try to figure out for the https://www.underhanded-c.org/ contest.

        They break down and explain the runner up and finalist for each year and how the attack works. It’s usually something very subtle that most people wouldn’t catch.

  • rtxn@lemmy.world
    English · 94 up, 3 down · 7 days ago

    The comments under the article are a special kind of braindead.

    • TheGrandNagus@lemmy.world
      English · 69 up, 1 down · 7 days ago

      Always is with Phoronix comments.

      You find everything there from “Gnome is satanist” all the way up to pro-genocide crap.

      I really don’t know what it is about the site that brings out the craziest souch.

      • LupertEverett@lemmy.world
        4 up · 7 days ago

        The absolute disregard of having any moderation is what does that. If there was any, there wouldn’t be the cases like having someone be there by their third account, after the first two got banned.

        Not to mention that controversy = angry people and trolls = more clicks = more ad revenue. I don’t think Michael wants to miss out on it.

      • SquirtleHermit@lemmy.world
        55 up, 18 down · 7 days ago

        For half a second there, I was like “yeah, so glad Lemmy is more rational than that site”.

        Few comments later, folks be talking about “Ukrainian Nazis”…

          • GeneralInterest@lemmy.world
            English · 5 up · 6 days ago

            I would wager that every country has far-right elements, including Russia.

            What Russia claims though is that the Ukrainian government is full of Nazis, which I don’t think is true.

        • Jesus_666@lemmy.world
          21 up, 2 down · 7 days ago

          Hoo boy, you weren’t kidding. I find it amazing how quickly this went from “the kernel team is enforcing sanctions” to an unfriendly abstract debate about the definition of liberalism. I shouldn’t, really, but I still am.

        • Rentlar@lemmy.ca
          12 up, 1 down · 7 days ago

          Hahaha I saw the parent commenter of that chain notorious for getting into back and forth arguments, sometimes reasonable sometimes not, and I thought to myself, this is going to be fun. Then I recognized the username of that other .ml user as a known troll and I was like, yep now this is going to go way off the rails.

    • Aatube@kbin.melroy.org
      47 up, 2 down · 7 days ago

      Yeah. Why is everyone saying this is removing their contribution credits? It’s just a list of active maintainers…

      • rtxn@lemmy.world
        English · 12 up · 7 days ago

        That’s a fair point. I rarely read comments on news articles, but morbid curiosity overpowered my self-preservation instinct.

      • Dessalines@lemmy.ml
        17 up, 1 down · 7 days ago

        I would never. The idea that any person should be disbarred from contributing to FOSS due to the actions of their government, is incredibly exclusionary. Linus is acting as much like a toddler as daddy USA is.

    • Quail4789@lemmy.ml
      English · 11 up, 4 down · 7 days ago

      The west is sanctioning Russia because their daddy US tells them to. Similarly they don’t sanction Israel because of daddy.

    • JustMarkov@lemmy.ml
      English · 51 up, 4 down · 7 days ago

      No, it’s not like Israel is attacking its neighbors. It doesn’t, does it?

      • bastion@feddit.nl
        3 up, 1 down · 6 days ago

        It’s not about punishing Russia, it’s about preventing vulnerability to a country that has an ongoing effort to compromise infosec.

        Not at all saying Israel doesn’t suck balls right now.

        • JustMarkov@lemmy.ml
          English · 4 up, 1 down · 6 days ago

          a country that has an ongoing effort to compromise infosec.

          Any confirmation, that these specific maintainers were compromising something?

  • jol@discuss.tchncs.de
    96 up, 25 down · 7 days ago

    Linus has never been the best communicator, but he usually speaks the truth. But this is just bonkers and wrong. Not everyone living in Russia has “ties with Russia” other than “they were born there”. If this is about sanctions, he could have still just told them that. But instead he just disrespected contributors completely and then doubled down on it by being xenophobic.

    • Jumuta@sh.itjust.works
      43 up, 6 down · 7 days ago

      It’s really disappointing seeing Russian contributors being disrespected like this, the regime that rules Russia wasn’t entirely their fault, and allegiance, nationality, and ethnicity are all clearly different things

      Also, wouldn’t a state sponsored Russian hacker pretend to be from the US or something anyway? No way they’d contribute code as a Russian, that’d just increase others’ suspicion

      I agree with Linus a lot too but I strongly disagree here. I hope he’s just being made to say this because of government policies

    • Goun@lemmy.ml
      39 up, 9 down · 7 days ago

      I don’t understand how sanctions can impact free software, tbh, what’s free about this? This leaves a weird taste, I have to admit.