As a finn, I understand that there are probably legal reasons for doing this.
I just wish they would be transparent and share those reasons with us. The Linux kernel is certainly not the only free software project that is impacted, if this comes straight from EU/US sanctions. Maintainers of other projects have a lot of interest in what is happening.
Transparency is also important because if EU/US policy/sanctions are causing issues for free software projects, then that discussion needs to be public, so that there is a chance to amend the policies if necessary.
The legal reasons was because the Linux Foundation is based in the USA and the targeted devs worked for companies explicitly sanctioned by the USA. Linus said he knew and trusted the devs he was forced to delist.
The Linux Foundation needs to relocate to some stable neutral country like Switzerland.
Switzerland is controlled by the US
Suggest a country then
We’re gonna start seeing large open source communities start to break into smaller ones because of sanctions from now aren’t we?
You don’t need sanctions. I’ve seen you petty fucks fork projects over a font.
They’ll fight over fonts meanwhile WordPress is on fire and where are the forks?
Or a name
BringFork out the GIMP!gimp-qt
:3
This sets such a bad precedent…
The bad precedent was starting a war
Yeah I’m sure the maintainers are in talks with Putin directly
Removed by mod
If/when the Russian government comes knocking on their door and tells them that they need to do x, y, and z with the kernel
CIA could do that too.
Ah yes. The Finnish CIA.
They have one?
Any moderator want to actually let me know why my comment was removed, or…?
Is pointing out the dangers of working in an autocratic nation against the rules?
I can see the comment dude.
Arguably, ITAR set the precedent in the 1990’s during the crypto wars. USians used to have to travel to Canada to work on cryptographic code in OpenBSD because their commits couldn’t legally be exported.
This article gives a good discussion about a potential coming East/West political split in the world of FOSS.
https://thenewstack.io/avoiding-a-geopolitical-open-source-apocalypse/
Shit like this is why I use the most generic yankee cowboy aliases online.
He alludes to sanctions being a factor but never clarifies on advice from his lawyers. ngl I don’t like the look of it just from a transparency perspective.
Probably because the advice in question was lengthy and technical (subtype: laws and legality), and the short form had the disclaimer "Please don’t publish the short form because it’s too much like giving legal advice.) Something similar happened back in 2012 with Project Byzantium, when we were consulting with the EFF with respect to having cryptographic libraries included in the distro.
Hey - an explanation. Who’da’thunk it?
deleted by creator
Hm i never coded a line in my life, but i always wondered so honest question to the experts here: is it realistic that someone codes security back doors so hidden in other bad or wrong documented code, that nobody recognizes it in OSS community? I mean code is getting more complicated and specialized, dont you need more and more human resources (more than one person and hopefully not all with a bad intention) to check over that code? If im correct you shouldnt let more code into your software than the community is able to check an validate several times… Doesnt mean it has to be russians that need to be excluded idk
Yes, not only is it realistic, it has actually happened. It’s easier to write code than understand it. Even when reviewing code, you miss more or less obvious issues. Not to mention intentional vulnerabilities that can be sneaked in over multiple commits and time span long enough to make reviewers forget the larger context.
There will be a million security issues across all OSS. Some of it will be intentional; if so definitely don’t expect it to be a “findable” back door. It will be a set of vulnerabilities across several projects, that when combined allow the perpetrators privilege-escalations or a known path through a security system. Removing “Russians” from contribution doesn’t actually stop that, everyone can use a VPN and work as an American or whatever, but it does send a signal.
Interesting answers, thanks!
This might not be super useful if you don’t write code but I always found the contest submissions fun to read and try to figure out for the https://www.underhanded-c.org/ contest.
They break down and explain the runner up and finalist for each year and how the attack works. It’s usually something very subtle that most people wouldn’t catch.
fremdscham++
😬Removed by mod
are the tankies in the room with us right now
Lemmy was built by communists. you would be better served by going back to Reddit.
Removed by mod
Based Linus as always
Huh. Lot of people Russian’ to conclusions in this thread.
Sorry.
Shhh. Let Linus Finnish.
Ok, dad.
Sorry for liking it.
The comments under the article are a special kind of braindead.
Always is with Phoronix comments.
You find everything there from “Gnome is satanist” all the way up to pro-genocide crap.
I really don’t know what it is about the site that brings out the craziest souch.
The absolute disregard of having any moderation is what does that. If there was any, there wouldn’t be the cases like having someone be there by their third account, after the first two got banned.
Not to mention that controversy = angry people and trolls = more clicks = more ad revenue. I don’t think Michael wants to miss out on it.
For half a second there, I was like “yeah, so glad Lemmy is more rational than that site”.
Few comments later, folks be talking about “Ukranian Nazis”…
Wholesome banderite chungus
I would wager that every country has far-right elements, including Russia.
What Russia claims though is that the Ukrainian government is full of Nazis, which I don’t think is true.
Removed by mod
Removed by mod
are you a CIA bot or what? since when did people start ignoring facts and just repeat state department or fed propaganda? very strange.
🤣
Edgy tweens being edgy.
I just smoked weed and … smoked weed.
Hoo boy, you weren’t kidding. I find it amazing how quickly this went from “the kernel team is enforcing sanctions” to an an unfriendly abstract debate about the definition of liberalism. I shouldn’t, really, but I still am.
Removed by mod
Hahaha I saw the parent commentor of that chain notorious for getting into back and forth arguments, sometimes reasonable sometimes not, and I thought to myself, this is going to be fun. Then I recognized the username of that other .ml user as a known troll and I was like, yep now this is going to go way off the rails.
“Bcachefs sucks because I use ext4”
Yeah. Why is everyone saying this is removing their contribution credits? It’s just a list of active maintainers…
This is not an unusual comment section on Phoronix, to put it mildly.
That’s a fair point. I rarely read comments on news articles, but morbid curiosity overpowered my self-preservation instinct.
Banning Israeli contributers too?
Unironically I would support it
I would never. The idea that any person should be disbarred from contributing to FOSS due to the actions of their government, is incredibly exclusionary. Linus is acting as much like a toddler as daddy USA is.
The west is sanctioning Russia because their daddy US tells them to. Similarly they don’t sanction Israel because of daddy.
No, it’s not like Israel is attacking its neighbors. It doesn’t, does it?
It’s not about punishing Russia, is admit preventing vulnerability to a country that has an ongoing effort to compromise infosec.
Not at all saying Israel doesn’t suck balls right now.
a country that has an ongoing effort to compromise infosec.
Any confirmation, that these specific maintainers were compromising something?
They would never!
ALL of them? Not at once. Usually.
Linus has never been the best communicator, but he usually speaks the truth. But this is just bonkers and wrong. Not everyone living in Russia has “ties with Russia” other than “they were born there”. If this is about sanctions, he could have still just told them that. But instead he just disrespected contributors completely and then double down in it by being xenophobic.
Removed by mod
Yup. If you don’t want to “mysteriously fall from a window,” you do what they say.
I agree 100% with Linus here
[Citation needed]
deleted by creator
It’s really disappointing seeing Russian contributors being disrespected like this, the regime that rules Russia wasn’t entirely their fault, and allegiance, nationality, and ethnicity are all clearly different things
Also, wouldn’t a state sponsored Russian hacker pretend to be from the US or something anyway? No way they’d contribute code as a Russian, that’d just increase others’ suspicion
I agree with Linus a lot too but I strongly disagree here. I hope he’s just being made to say this because of government policies
At this point it’s the Russians peoples fault.
could you elaborate on why?
And the most dangerous part here is the whole rethoric of “if you disagree, you are a Russian shill”.
I don’t understand how sanctions can impact free software, tbh, what’s free about this? This leaves a weird taste, I have to admit.
Linux foundation is a US company, and he’s a EU citizen and there’s companies that those devs where employed that are under sanction , hot that hard to understand
he’s a EU citizen
He’s also been a US citizen since 2010.