Linus Torvalds Confirms Decision to Remove Maintainers from Russia
You couldn’t come up with a more powerful spit in the direction of FOSS. And from Linus, who is now kind of showing f*ck to the entire community. Here you have freedom, openness and all that. Today they just wiped their ass with it, and by one of the founders.
This is the moment when the split politics, dirty ones from all sides, have penetrated into the very heart of OpenSource - into the Linux kernel.
Unfortunately, Russia would not hesitate a second to use these Russian maintainers to include some shady stuff into Linux. Russia used everything they can to their advantage.
Now, we can wait for that to happen and have all sorts of issues when some backdoor gets distributed on a massive scale on a lot of Linux systems, or we can be realistic about the situation and take action before that.
I would not trust anyone from China to work in FOSS either, since they are exactly the same.
@MrAlternateTape @fireshell <sarcasm>But Stuxnet proves nobody in the United States would do that.</sarcasm>
Yeah better discriminate based on nationality /s. But why stop at that? Poor people are too easily bribed, can’t have them. I hear the CIA recruits from top US universities, can’t trust those college grads either. Anyone belonging to some homophobic church or religious group? Better not, what if they’re closeted gay and get blackmailed? Anyone in a monogamous relationship should be excluded for the same reason, if you think about it. *tips forehead*
If only there was some sort of review process for code to get into the kernel…
If we follow through with it, I would absolutely never ever trust anyone from the US, for example. US is very much known for cyber espionage and shady operations.
This is all power play, and it comes from a very certain direction amidst this political struggle.
You want your open source code not to have backdoors? Review it meticulously. This is really the only way, and the one an entire open-source community relies on - pretty successfully, by the way.
By this logic it turns out that the code quality control system is built in such a way that if someone has malicious intent and wants to add malicious code, but is not affiliated with dubious structures, then he will easily succeed? Hey, what about enough eyeballs and shallow bugs?
I do agree that quality control should catch things, but we are all human and we don’t catch 100%. So if quality control is flooded with too many things to catch, the chance of one slipping by increases.
Also, a lot of FOSS is based on volunteers, do we just ask those people to put in more hours? Who is responsible anyways if something makes it through and actually causes damage to something or someone?
I find the decision quite reasonable. You at least filter out the party most likely to pull something shady. We should still be very careful, but it takes away some of the work.
Software still has to follow legal rules, like when some distros removed stuff to be ITAR/EAR compliant for shipping across borders
Nothing is stopping Russia from taking the Open Source kernel and developing it themselves
That is interesting, my comment got removed.
Kernel cannot follow or not follow any legal rules. Linux Foundation can.
And if regulations become a serious issue and go against the spirit of open-source, it is time to move the Foundation somewhere else.
I don’t know what exactly was in question in the kernel that the lawyers had to worry about, but from EAR rules… “note that open source software can still be subject to export control measures if it includes technologies or functionalities that are regulated. In such cases, specific controls may be applied to prevent the unauthorized export of these technologies or functionalities.”
IF something was deemed controlled, it makes sense to pull it so the kernel can ship anywhere, and whoever received it can do their own tweaks
@BCsven @Allero Given the modular nature of the kernel, the module can always be made available separately those today’s Internet really makes such restrictions, as they apply to software, moot.
Exactly. Not much different than a distro that can’t legally ship non-free drivers for initial install due to licensing, but you load them in yourself on first boot
@BCsven As I stated though moot, the laws have really outlived their usefulness. There are simply too many unsecured systems on the Internet to make it impossible for a bad foreign actor to gain access to any software that is not intended for export. When I worked for the local telco, many of their switches had dial-in modems that connected to the recent change channels, the channels that allow you to alter how lines were assigned, telephone calls were routed, etc, without so much as a login or password. If you knew the commands you could do pretty much anything you wanted to. I caused a major meltdown that got me an unwanted interview with directors merely for suggesting that they put a password on the root account of a pbx interface Unix system used to serve a 40,000 line customer. So yea security is mostly a joke and as a result these laws serve no useful purpose.
Oh I get the futility of it. But if you are in the USA you are bound by it. Same reason encryption devs had to cross to Canada to do development because USA would not allow encryption code shared across boundaries. Or how I once sent a software bug report in for an Engineering product; because company is USA based they assigned it an ITAR/EAR status. It was a 4" cube I modelled, and now some dev has to treat it as sensitive EAR data. LOL
The foundation should have moved long ago but I think Linus’ personal adoration of the US is going to get in the way of that.
@Allero @BCsven That was the point I was making when I suggest back to Finland or perhaps Iceland or Switzerland.
Agreed with you!
@BCsven @fireshell Or Linus from moving the organization back to Finland, or Iceland, or Switzerland, or some other more neutral territory.
I’m not sure if you’re kidding, so I’ll just note that Finland and Iceland are NATO member states, and Finland is notoriously against Russian aggressions due to history.
@vga I can only tell you that if my personal net worth was 50 million, I’d be looking for a new national home yesterday.
I think the commenter meant in regard to US restrictions that may get imposed on a project, since they have odd ITAR/EAR controls. Moving somewhere with less export restrictions could alter choices of development.
Why force your political beliefs on something that has nothing to do with?
Not sure if being against Russian aggression can be called a “political belief” as nearly all Finns pretty much agree on it.
@vga @ChiefSinner That it was “aggression” in and of itself is a political belief.
What else would you call it? Even if you buy one of the many bullshit rationalizations Russia has offered, invading a sovereign neighbor is absolutely aggression, if words still mean things.
@Tinidril How about self defense, same thing we would have called the invasion of Cuba if the Russians hadn’t backed down.
So, a US invasion of Cuba wouldn’t be aggressive? I guess words really don’t mean anything then. That’s some really pathetic whataboutism BTW.
@Tinidril It’s realistic is what it is. It’s not trying to paint Putin as some evil Hitler clone. It’s what happens when you don’t have a vested interest in the military industrial complex and aren’t a shill for someone who does.
The hundreds of thousands dead so far will be glad to know that Putin is just being misunderstood and is actually a pretty nice guy. Who the fuck said anything about Hitler?