> No, but I'm not a lawyer, so I'm not going to go into the details that I - and other maintainers - were told by lawyers.
> I'm also not going to start discussing legal issues with random internet people who I seriously suspect are paid actors and/or have been riled up by them.
Which I find pretty concerning statements, quite a disservice to the community. It's a global community, and here the maintainers take some action without explanation. They don't even have a communiqué at hand to tell people what this action is, why it was taken, and which alternatives were considered but rejected. This is the bare minimum that I expect of the maintainers of a piece of software that is very critical to many millions of systems worldwide. Counting on the goodwill of users is not acceptable for an operating system that underpins the security of people's computers.
You can’t cry foul when the group is literally providing you with free software. Open source institutions don’t owe anyone anything beyond open software.
As an open source community leader, putting up consists of leading well, and transparently. It's not just a coding role. He may have inherited the leadership role by being the original coder but he has to keep it by being a worthy leader.
I speculate Linus or Greg received the equivalent of a National Security Letter. Otherwise they could point to the regulations.
It's not their software. Linux kernel is written by thousands of people from all around the world.
I don't know if that's accurate, but seems feasible. If so I'm 100% behind it.
It'd be nice to know the exact reasoning for this, rather than just see a commit without any context of why they're being removed. I'm pretty sure we'll know in due time.
I highly doubt anyone banned will even try to send "sufficient documentation". The wording is as vague and arbitrary as it gets, and the underlying tone sounds to me not like "we have such and such requirements", but like "some Russian-sounding names are banned, but we still have to demonstrate there is a due process".
Reminds me of banks. Banks are fined for not having processes for detecting money laundering. Not money laundering, mind it, just having "inadequate" processes. If such a process flags someone, that someone is blocked and they should provide "sufficient documents", but the bank is not allowed to tell them why or what, that would be "tipping off", which is illegal. And then it all comes down to bank's internal policies (that the bank is not allowed to disclose) or even a personal relationship with a branch manager.
Isn't that how most compliance regulation works? You can't force companies to have a perfect record of preventing something, no matter how you structure things, so instead of trying to do so, you set up something that will at least prevent it somewhat. And then you fine the companies who don't do anything to prevent the issue.
That's not true! There are still many Russian maintainers in the kernel, but they are not based in Russia. They only banned individuals, based in Russia, who are employed by sanctioned companies.
Not much exact reasoning added, if you ask me. Quoting:
> Ok, lots of Russian trolls out and about.
> It's entirely clear why the change was done, it's not getting reverted, ...
> And FYI for the actual innocent bystanders who aren't troll farm accounts - the "various compliance requirements" are not just a US thing.
> If you haven't heard of Russian sanctions yet, ...
> As to sending me a revert patch - please use whatever mush you call brains. I'm Finnish. ...
Is it? The actual specifics of the sanctions matter, I don't think any of the US sanctions would prevent them from participating in kernel programming.
I saw some comments on Reddit about people with @gmail.com (I think), but other comments pointed out that these people were not actually removed and were just present on a screenshot.
Any self-respecting maintainer will not come back after this.
Linux might have a lot of developers, but has a hard time finding and retaining maintainers.
This is not a good development.
EFF should start a fork if any part of them still stands for what's in their name.
It's not a big deal for Linux either, the code in question is mostly for devices that are not sold in the west. So no loss there.
That's the beauty of open source, you can say no to contributions for any reason whatsoever, and the contributor can fork your code and continue to develop it as they please.
I live in a country which may one day find itself under US sanctions, and I've been busy cutting reliance on American services, just to avoid having to migrate everything in a rush if that happens. Everyone here understands this (for example, my day job migrated off GitHub to self-hosted GitLab back in 2022), and I can't imagine many people will be interested in spending years of effort to then possibly be kicked from the project because they chose to be born in a wrong country.
Something like 80-90% of said contributions are essentially corporate.
If Americans want to participate in international communities they are free to leave the US. Aren't they?
BTW Linus is Finnish and Sergey Mikhailovich Brin is Russian
The harsh reality is that the west is now that place where people think it's a crime to be born in a place instead of another...
I'll quote something for you
criminalizing individuals based on their place of birth or nationality is generally considered a violation of international human rights law. Principles of non-discrimination are central to international agreements like the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights. These treaties emphasize that all people, regardless of origin, have the right to equality before the law and protection from discrimination.
Care to name a few?
They seem to have a lot of what kids today would call bangers.
Some of my favorite Argentine songs: Donde Manda Marinero, En La Ciudad De la Furia. Fabiana’s album that I torrented back in the day happens to be covers of the famous songs and I like a lot of them too
Disclaimer, I just happened to know some Argentine songs that are total ear worms, not necessarily an expert in Argentine music
If Project P in Country A is identified by Country B as a potential target for planting cyber-attack-enabling backdoors, Country B has an incentive to find people to put a backdoor in P.
If Country B is a free country with rights and ethics, they will say "Help us put a backdoor in P. We'll pay you very well for services rendered," or try to get someone who already works for Country B intelligence into P's management structure.
If Country B is an "evil" country, they will do all of the above, but will also tell people of influence in P who live or have family in Country B or its allies, "Help us put a backdoor in P. If you refuse or if the backdoor doesn't work or if the legitimate workers of P find it and remove it before it helps us, you'll be arrested and/or tortured and/or killed and/or your family too."
Removing Russian based kernel maintainers from positions in which they could conceivably help insert a backdoor into the kernel hopefully removes the incentive for the Russian government to threaten (or carry out) horrific violence against these individuals and their families.
register a free gmail account and come up with a fake name. Gotcha. Certainly no bad guy will ever think of this.
I think Australia had something called Technical Capability Notices (TCNs) back in 2018? For legal entities for sure, not sure about hobbyists.
The last paragraph also makes the whole situation sound like someone cares for Russian developers' well-being. I highly doubt it was ever the intention.
It also made me realise what a cushy, insular world I live in not having to worry about those threats when I write software. Made me more aware of what others might face.
True life-changing money, in all absolute sense.
Not that I disagree with the move 100%, but I don't think it's that clear cut.
cough xz cough
What you wrote is very logical but it doesn't explain who defines how "evil" the country is. And the answer is "US". All your 4 paragraphs could be rewritten with "US defines if you are worthy or not". Which sounds real and quite disappointing to many people who thought Linux is a shared effort of humanity.
I haven't followed the original events but I understand their actions. Probably they need to have "no Russian developers" ticked for compliance for some defense contractor. So they have run "grep -rF .ru .git/" and found Russian developers to remove to tick that requirement. I would have probably done the same -- it's easier to do it than to explain to many people why those people aren't evil.
If your system relies on people being in "a free country with rights and ethics", then you have a bad system widely open to abuse. After all, who decides which country is "free" and which is not? White house? Should you exclude people from all "non-free" countries?
How child play and naive you're thinking of politics. If Russia ever had that degree of power to control the behavior of its citizens, it would have already ruled the world.
You can't even fully control a 5-person band and you're telling us that magically Russia is able to control millions of people, amongst which none of them know justice or human rights enough to leak any info. You know, even under the infamous assassin attempts from FBI, Snowden managed to flee to Russia. How can Russia be more powerful than the US in this way?
I'm not saying good words to any regime. I mean both the US sanction and the Russian invasion suck. I don't want another country bossing over what you can do, and I don't want another country pointing guns at your head either.
To this casual bystander it seems like they usually hurt innocent citizens far more than the leaders of the usually authoritarian regime that it targets.
That's kinda the point. The common folk put pressure on their leaders to correct their behavior.
Do you not think that at least 50% of all people in Russia would vote for Putin or his affiliates (even if the elections weren't falsified)? Therefore most people in Russia are certainly not innocent.
if you really think so strongly about it maybe you should run "Red Star OS" instead
Ok, lots of Russian trolls out and about. It's entirely clear why the change was done, it's not getting reverted, and using multiple random anonymous accounts to try to "grass root" it by Russian troll factories isn't going to change anything. And FYI for the actual innocent bystanders who aren't troll farm accounts - the "various compliance requirements" are not just a US thing.
If you haven't heard of Russian sanctions yet, you should try to read the news some day. And by "news," I don't mean Russian state-sponsored spam. As to sending me a revert patch - please use whatever mush you call brains. I'm Finnish. Did you think I'd be _supporting_ Russian aggression? Apparently it's not just lack of real news, it's lack of history knowledge too.
But this change here feels like there was pressure from the DoD or White House. A lot of sanctions seem to be introduced and enforced informally.
> The ban complies with the EU’s 12th sanctions package adopted in December, which ordered companies in and outside the bloc to stop exporting products and technology to Russia by March 20.
That would mean that either A) it's not what triggered this change or B) the kernel wasn't legally following compliance requirements for almost a year
But besides that, that sanction is between EU<>Russia, not sure if that would ultimately enforce the kernel to implement those compliance requirements, unless also agreed and followed by the US.
Some of them, yes, some of them, no. /s
It's pandering. I hope these developers petition to be added back.
If hacking or subversion is possible, it has been tried and will be again. If anyone is going to try it, chances are Putin's people will.
It's by far the sneakiest, most advanced cheating and infiltration apparatus humanity has ever known. It inherited a large "meddling war chest" from the Soviet Union, then invested heavily into it for 25 years. The Internet increased its opportunities a million-fold. Its semitransparent tentacles are now embedded into nearly every consequential organization on the planet.
Consider the xz episode as a baseline. It was fairly sneaky, but it was introduced by a newcomer to the project and affected mostly existing code. A more elaborate exploit might be submitted with a new feature by an established maintainer.
The former aims to punish and worsen the situation of the other country, the latter aims to reduce the attack vector and improve the situation of the US.
There are lots of good people there. It’s too bad there is a crazy person at the helm.
Then they should be reminded that their military is actively using Linux to kill Ukrainian civilians https://en.wikipedia.org/wiki/Astra_Linux
Some examples:
https://www.theverge.com/2022/6/8/23159656/microsoft-russia-...
https://www.reuters.com/business/russia-shrugs-off-jobs-impa...
https://www.hpe.com/us/en/newsroom/statement/2022/06/hpe-ann...
https://newsroom.ibm.com/Update-on-IBMs-Business-Operations-...
Nobody likes being at the mercy of a system that feels capricious.
So, now the real world has slowly caught up to that fantasy world of ours. The winter has really come.
Microkernels in general already mitigate the possible damage that could be done by rogue code in large monolithic kernels. A formally verified microkernel like seL4 is an even better guarantee. And performance concerns of microkernels are practically solved at this point.
These sorts of nation-state sponsored malicious code practices could be made mostly irrelevant. We just need a little momentum to get us there.