I for one am going through quite a culture shock. I always assumed the nature of FOSS software made it immune to be confined within the policies of nations; I guess if one day the government of USA starts to think that its a security concers for china to use and contribute to core opensource software created by its citizens or based in their boundaries, they might strongarm FOSS communities and projects to make their software exclude them in someway or worse declare GPL software a threat to national security.
What happened this time?
Edit, answered elsewhere:
Recently, Linux removed several people from their organization that have Russian email addresses. Linus made a statement that confirmed this was done intentionally. I believe that there was some mention of following sanctions on Russia due to the war. I haven’t looked into the details of it all, so take my analysis with a grain of salt. From what I understand, it sounded like it was only Russian maintainers that were removed and normal users submitting code from Russia can still contribute. Maintainers have elevated permissions and can control what code gets accepted into a project, meaning that a bad actor could allow some malicious code to sneak past. This may have also contributed to the decision since this type of attack has happened before and Russia seems like a likely culprit. The reactions to this change have been varied. Some people feel it is somewhat justified or reasonable, some people think that it means it is no longer open source, and some people think it is unfairly punishing Russian civilians (it is worth noting that that is part of the point of sanctions).
Well, in theory open source is immune to all that. However, the country a project is registered at, matters. That’s why the RISC-V project, for example, took its headquarters from the US to Switzerland. For that exact reason: so no country could strong arm it, especially since Chinese were the major contributors to the project (Switzerland is not 100% neutral, but it’s more neutral than other countries).
Is this really Linux drama though? It seems more like political drama that ended up jizzing on Linux.
I mean, yeah, there’s been drama after the decision was made based on legal issues brought about by political drama, but this part of it isn’t, if you get the distinction.
The only real linux drama part, as far as I can see is the crappy way it was announced, which isn’t what most of the people involved in the drama after the fact are complaining about.
I dunno, I’m not complaining about the post here, just talking about the overall issue itself using the post as a jumping point.
Anyway, I guess what I’m getting at is that foss development can’t be immune from political fuckery (no matter how justified or unjustified it is). Everyone that’s going to be involved in development is going to live under some nation’s thumb, and is vulnerable to any legal ramifications of that nation. So there’s no way to prevent a project being strongarmed; all that’s possible is having enough people that can review the code do so, so that any fuckery that affects the project is known, so that everyone can decide what they want to do about it as individuals.
As long as individual people have the ability to use any foss software they want on their own devices, there’s a limit to how bad the fuckery can get. Tbh, I’m more worried about corporate fuckery in foss projects than governmental
Not really, open source projects don’t necessarily have to be open to all contributors and I was aware of this already. They have to be open to anyone doing what they want with the code, by definition, which is good, but they don’t have to allow everyone to contribute to upstream. I’m not sure if there’s any particular defence against this being used in a discriminatory manner, but I do think this effect is significantly mitigated by the decentralised nature of open source and the fact that it’s not too uncommon for forks to become preferred over the original, the fact that open source projects rise and fall in popularity, etc.
I wonder if there’s some way to manage an open source project so that it’s not subject to particular national laws in this way.
Yes. There is an extremely arbitrary distinction made between the USA and Russia. Both are known for injecting spyware. China is somehow still okay? It makes no sense.
Not to mention the elephant in the room by not banning another certain country actively committing war crimes.
All software should be safety checked. Where the maintainer is from should be irrelevant.
But the most weird aspect is the timing. Why now and not a few years ago?
There is an extremely arbitrary distinction made between the USA and Russia.
Your world view seems to be highly influenced by propaganda. It’s very easy to draw a distinction between these two countries. Let me start with an easy one:
Russia is a dictatorship, the US is a democracy.
US is a democracy
Lmfao
Modern Russia is a shitty liberal “democracy” just as incompetent as the US’s
I see why some people block lenny.ml. Many there put everything through a high-standard threshold function.
America: we need military bases all over the world to surpress their population and steal their natural resources. This is why Israel must grow to expand our foothold in the middle east even at the cost of a genocide. We also overthrow democracies to replace them with authoritarian dictators when convenient to us.
You: Democracy!
People don’t realize that the US founders explicitly modeled their new state on the Roman empire, with an expansionist aristocracy / slaveocracy controlling the state. The debates on this in the federalist papers are very explicit, as is the way they structured its government. Hell even half the buildings in washington DC are modelled after roman architecture.
well yeah, how does us being democracy change the fact that they basically did almost everything that Russia did
“basically”
You’ll be surprised if you actually challenge your convictions.
Are you sure you want to compare how many wars the US has waged compared to Russia and how many people they’ve murdered each?
That commenter is doing you a favour by implying it’s anywhere close.
The current Russian govt is not aligned with Soviet principles or ideology, right?
And the Stalin period saw the Soviets fighting and defeating the Nazis in WW2. Does the calculation of excess mortalities account for such effects too?
Nazi instigators punished, famine caused by the effect of war, infrastructure damage by the Nazis, deaths in Nazi occupied areas. These things don’t seem to be discussed much.Invasion of Vietnam.
https://en.wikipedia.org/wiki/United_States_in_the_Vietnam_War
https://en.wikipedia.org/wiki/United_States_invasion_of_Afghanistan
https://en.wikipedia.org/wiki/Guatemalan_genocide
https://en.wikipedia.org/wiki/CIA_assassination_attempts_on_Fidel_Castro
https://dessalines.github.io/essays/us_atrocities.html#sources--starting-pointshttps://en.wikipedia.org/wiki/Slavery_in_the_United_States
https://en.m.wikipedia.org/wiki/List_of_Japanese-American_internment_camps
And since the current Russia is seen as the extension of the Soviets:
https://en.wikipedia.org/wiki/Native_American_genocide_in_the_United_Stateshttps://en.wikipedia.org/wiki/Great_Famine_of_1876-1878
https://en.wikipedia.org/wiki/Timeline_of_major_famines_in_India_during_British_rule
I did, and I found that the US does WORSE shit than Russia sometimes.
Russia ain’t good. Neither is the US. Get your head out of your ass.
Heard about what Russia has been doing in the occupied parts of Ukraine?
Heard about what the US did in Afghanistan? US soldiers raped a LOT of children before and after murdering their entire families.
America JUST exited a decades long war where the only results were death and destruction.
Tell me more about the US government requiring their soldiers to rape pre-teen girls then.
Or, you know, they really aren’t the same.
Which one is killing us faster? I’m pretty sure it’s the USA. Nice that you get to live in a democracy I guess but that doesn’t mean a damn thing to someone living outside the USA and being exploited and abused by it.
I’m in Sweden. The idea that the US is somehow more of a danger to us than Russia is laughable.
I just wanted to say that I have the same questions, and it’s a relief to see it posted by someone with more courage. I’m too ignorant to contribute to the discussion though. I don’t know how a government or private entity could pressure a FOSS project in this way, unless that pressure was put on the project’s git platform. At which point the repo just moves elsewhere.
FOSS does not mean:
- Community owned: Linux is owned by the Linux Foundation, a legal entity of the United States and subject to it’s laws.
- Obliged to accept all contributions: The owner is free to accept or reject contributions for any reason.
Nothing changed except some people are no longer responsible for maintaining parts of the source tree. Their delegated power to accept contributions was removed. They can still propose changes, but they will be reviewed by others who aren’t subject aren’t at risk of Russian state influence.
This isn’t saying they’ve done anything wrong, or that they are currently under state influence, but now that they no longer have maintainer privileges the chance of the FSB knocking on their door has probably dropped 90%.
Hasn’t changed my view much. I already knew Linux was a company that has a legal presence in the US and so would be subject to their laws. The only real surprise is that it’s taken so long to action this particular set of sanctions.
I do think the announcement was poorly handled - it should have been explained either before or immediately afterwards to cut back on the conjecture. The git notice only said that these contributors’ names had been removed from the credits, not that they’d been stopped from contributing completely. Any company, including Linux, that does something they know is going to be contentious like this should bloody well get ahead of that curve and put the facts out.
The world is at war. It’s not a bloody world war as we’ve seen before, but it is nation against nation by other means. FOSS is used so widely it is absolutely a target and nobody can be so idealistic that they cannot see the conflict, nor not know that it’s constantly being attacked. Where you live does matter. I wish that wasn’t the case - I truly do, but it’s naive in the extreme to pretend otherwise.
This wasn’t a decision made based on sanctions, it was just an excuse given but no actual evidence of Linux being required to act on them was ever given.
Why do you think Linus is not being truthful?
Other countries are similarly sanctioned, and hundreds of maintainers from those sanctions are still there. So the sanctions thing is absolutely just an excuse.
What Linus just did to Russians is scaring a lot of people right now, who are probably wondering if they should keep working in association with a project which has just demonstrated its unreliability.
It’s banning contributors but not contributions themselves. So there must be inconvenience but somewhat effective workarounds. That could be fun to see unfold.
Although why would anyone from Russia even consider helping a project which sees them as lesser
But that’s not what happened. If the lawyers are saying that some open source groups can’t work with open source groups in Russia, as Linus indicated, that doesn’t mean either group dislikes the other group. I don’t think this is a question of animosity.
So like what happened
Recently, Linux removed several people from their organization that have Russian email addresses. Linus made a statement that confirmed this was done intentionally. I believe that there was some mention of following sanctions on Russia due to the war. I haven’t looked into the details of it all, so take my analysis with a grain of salt. From what I understand, it sounded like it was only Russian maintainers that were removed and normal users submitting code from Russia can still contribute. Maintainers have elevated permissions and can control what code gets accepted into a project, meaning that a bad actor could allow some malicious code to sneak past. This may have also contributed to the decision since this type of attack has happened before and Russia seems like a likely culprit. The reactions to this change have been varied. Some people feel it is somewhat justified or reasonable, some people think that it means it is no longer open source, and some people think it is unfairly punishing Russian civilians (it is worth noting that that is part of the point of sanctions).
As per usual, the discussion of the Linux drama far exceeds the actual drama. I’m guessing most of those people will still contribute.
Linux at this point is an absolutely critical part of the information infrastructure our world is built on. It’s not just a few nerds in basements cobbling together code. Safeguarding this infrastructure against bad actors is absolutely crucial for everybody’s safety. Unfortunately we’re going to see more of this kind of stuff in an increasingly polarised world.
Israelis are more known for putting backdoors wherever they can than Russians, for example.
Anyway, nation-states are not the only kind of group with malicious interest. Maybe a maintainer is a member of some mafia, I dunno. How are you going to know this?
Many things can be done with FreeBSD. Again, in our time it may get some popularity again not because of such events even, but because of their possibility and to avoid monoculture (in the context of backdoors too).
Same here. For now it’s only barring contributors which won’t harm actual users much, but that could change in the future with the precedent this is setting.
What’s the point of “FOSS” at that point if it’s not so different from corporate products, being similarly vulnerable to sanctions? I could see genuine free software being relegated to piracy communities if it goes that far.
FOSS gives people the option to take the original code and create their own version of it in case they don’t like what the original maintainers are doing. With closed source you would be stuck and would have to look for something new.
Yes. If FOSS projects bend the knee to shitty laws just because “they are the law”, then FOSS is free labor for corporations with no gains for the people.
That’s the point of FOSS as copyleft, to use the law to protect “free and open” information. This allows bigger projects, because contributors don’t have to keep their heads down.
At the same time maybe this is a downside, not an upside. As the reason why it has all gotten so big and complex and corporate-influenced.
The usual consequences to not following the law are not in your favor.
If your goal in contributing to FOSS is to go to prison, there are a lot better avenues to achieve that.
Law aren’t always right and governments don’t always do the best neither for the world nor for its citizens. Open source projects and corporations shouldn’t rely on any government, they shouldn’t do the biddings on governments — either “good” or “bad” — and act in people best interests.
Of course this is a pipe dream and what we got is more free work for companies with none the benefits
I don’t understand why you think “avoiding prison” equals free work for companies. The individuals contributing to open source are subject to the same laws we’re discussing in this thread, and are the ones that would actually be getting consequences.
No one exists without a government, and that’s not even a pipe dream, it’d be societal collapse.
Certain Open Source movements are pure bigotry and opportunism, the Linux Kernel / The Linux Foundation for example, so it doesn’t really make me wonder.
Yes. I always thought of sanctions as being finance-related, meaning you can’t transact with sanctioned groups. I figured it couldn’t apply to decision-making/membership in non-profit organizations (that it might somehow violate “free speech” or some shit). Finding out this is not the case is terrifying and one more reason to hate the US (not that we needed more). This might disincentivize some people to contribute to FOSS.
