Linus Torvalds Confirms Decision to Remove Maintainers from Russia
You couldn’t come up with a more powerful spit in the direction of FOSS. And from Linus, who is now kind of showing f*ck to the entire community. Here you have freedom, openness and all that. Today they just wiped their ass with it, and by one of the founders.
This is the moment when the split politics, dirty ones from all sides, have penetrated into the very heart of OpenSource - into the Linux kernel. https://www.youtube.com/watch?v=v_YozYt8l-g
Software still has to follow legal rules, like when some distros removed stuff to be ITAR /EAR compliant for shipping across borders
Nothing is stopping Russia from taking the Open Source kernel and developing it themselves
@BCsven @fireshell Or Linus from moving the organization back to Finland, or Iceland, or Switzerland, or some other more neutral territory.
I’m not sure if you’re kidding, so I’ll just note that Finland and Iceland are NATO member states, and Finland is notoriously against Russian aggressions due to history.
I think the commentor meant in regard to US restrictions that may get imposed on a project, since they have odd ITAR/EAR controls. Moving sonewhere with less export restrictions could alter choices of development.
That is interesting, my comment got removed.
Kernel cannot follow or not follow any legal rules. Linux Foundation can.
And if regulations become a serious issue and go against the spirit of open-source, it is time to move the Foundation somewhere else.
Agreed with you!
the foundation should have moved long ago but I think Linus’ personal adoration of the US is going to get in the way of that.
i don’t know what exactly was in question in the kernel, that the lawyers had to worry about, but From EAR rules… “note that open source software can still be subject to export control measures if it includes technologies or functionalities that are regulated. In such cases, specific controls may be applied to prevent the unauthorized export of these technologies or functionalities.”
IF something was deemed controlled, it makes sense to pull it so kernel can ship anywhere, and whomever received it can do their own tweaks
Exactly. Not much different than a distro that can’t legally ship non-free drivers for initial instal due to licensing, but you load them in yourself on first boot
@BCsven As I stated though moot, the laws have really outlived their usefulness. There are simply too many unsecured systems on the Internet to make it impossible for a bad foreign actor to gain access to any software that is not intended for export. When I worked for the local telco, many of their switches had dial-in modems that connected to the recent change channels, the channels that allow you to alter how lines were assigned, telephone calls were routed, etc, without so much as a login or password. If you knew the commands you could do pretty much anything you wanted to. I caused a major meltdown that got me an unwanted interview with directors merely for suggesting that they put a password on the root account of a pbx interface Unix system used to serve a 40,000 line customer. So yea security is mostly a joke and as a result these laws serve no useful purpose.
Oh I get the futility of it. But if you are in the USA you are bound by it. Same reason encryption devs had to cross to Canada to do development because USA would not allow encryption code shared across boundaries. Or how I once sent a software bug report in for an Engineering product; because company is USA based they assigned it an ITAR /EAR status. It was a 4" cube I modelled, and now some dev has to treat it as sensitive EAR data. LOL
Uhh
sirLinus, this is aWendy’sLinux kernel..
Why force your political beliefs on something that has nothing to do with?
Not sure if being against Russian aggression can be called a “political belief” as nearly all Finns pretty much agree on it.
@vga @ChiefSinner That it was “aggression” in and of itself is a political belief.
What else would you call it? Even if you buy one of the many bullshit rationalizations Russia has offered, invading a sovereign neighbor is absolutely aggression, if words still mean things.
So, a US invasion of Cuba wouldn’t be aggressive? I guess words really don’t mean anything then. That’s some really pathetic whataboutism BTW.
Unfortunately, Russia would not hesitate a second to use these Russian maintainers to include some shady stuff into Linux. Russia used everything they can to their advantage.
Now, we can wait for that to happen and have all sorts of issues when some backdoor gets distributed on a massive scale on a lot of Linux systems, or we can be realistic about the situation and take action before that.
I would not trust anyone from China to work in FOSS either, since they are exactly the same.
by this logic it turns out that the code quality control system is built in such a way that if someone has malicious intent and wants to add malicious code, but is not affiliated with dubious structures, then he will easily succeed? Hey, what about enough eyeballs and shallow bugs?
I do agree that quality control should catch things, but we are all human and we don’t catch a 100%. So if quality control is flooded with too much things to catch, the chance of one slipping by increases.
Also, a lot of FOSS is based on volenteers, do we just ask those people to put in more hours? Who is responsible anyways if something makes it through and actually causes damage to something or someone?
I find the decision quite reasonable. You at least filter out the party most likely to pull something shady. We should still be very careful, but it takes away some the work.
@MrAlternateTape @fireshell <sarcasm>But Stuxnet proves nobody in the United States would do that.</sarcasm>
If only there was some sort of review process for code to get into the kernel…
Yeah better discriminate based on nationality /s. But why stop at that? Poor people are too easily bribed can’t have them. I hear the CIA recruits from top US universities, can’t trust those college grads either. Anyone belonging to some homophobic church or religious group? Better not what if they’re closeted gay and get blackmailed? Anyone in a monogamous relationship should be excluded for the same reason, if you think about it. *tips forehead*
We stop at that point. Because it is very clear and obvious to everybody, that a Russian citizen can be forced to do the governments bidding at any time and Russia has demonstrated that they will do that. The whole country is build on propaganda and fear amongst it’s people.
The rest of the groups you name, are not the same. Sure, a poor person could be bribed. But is that the same as the 100% chance that Russia will use anything they can to fuck with everybody they see as an enemy? I don’t think so.
So your arguments are simply invalid in this case. If Russia was a democracy, a real one, I would say they made the wrong decision by pushing the Russians out. But in the current circumstances? I understand the decision.
If we follow through with it, I would absolutely never ever trust anyone from the US, for example. US is very much known for cyber espionage and shady operations, and could absolutely backdoor Linux.
This is all power play, and it comes from a very certain direction amidst this political struggle.
You want your open source code not to have backdoors? Review it meticulously. This is really the only way, and the one an entire open-source community relies on - pretty successfully, by the way.
The US is in many ways, as bad as Russia concerning privacy. If the Americans want a backdoor, they’ll get it too.
However, not many western countries are currently almost at war with the US, the US so far has been a very good ally to the Western countries. It is not in their interest to bring our hospitals down, or put a stop to our air traffic. They don’t gain much from hurting us. Russia does.
Russia does have an interest in bringing systems down and spying as much as possible. And they have no ethic restrictions at all.
So why should we leave an obvious angle of attack open? Sure, it’s supposedly to be found by code reviews, but why make their job harder?
Do we even have numbers on how many Russians have contributed?
it’s a pity that politics is penetrating more and more into open source and FOSS.
recently support for Russian cloud providers was cut out of opentofu. https://github.com/opentofu/registry/pull/824
now this. this is, of course, natural the core and many components of modern distributions have not been free in terms of decision-making for a long time and are under the influence of large companies, which in turn are under the influence of the USA.
Open-source is politics.
MKTux
FOSS has always been political. And usually fairly reactionary.
Agree with the former, not the latter.
See: the FOSS higs that all flipped out when contributor agreements with codes of conduct like “don’t be homophobic or racist” started popping up.
It was quite a struggle and there is still a large old guard that simply refuses to move on it.
You’re greatly overestimating how many people that is; additionally, it was largely people that aren’t very committed to FOSS that got mad. The project maintainers and most users are fine with it. People who are committed to FOSS ideals are overwhelmingly progressive to leftist. That’s why those codes of conduct were added in the first place, and were largely uncontroversial amongst most actual contributors of those projects.
The projects that have those codes of conduct are the ones where any reactionary maintainers could be overruled. You have to look to the projects that have never had codes of conduct, the old guard and Incelie techbro spaces. Brave’s CEO is a homophobe, for example. This has been known for years, he still makes homophobic comments. Brave does not have a code of conduct or community guidelines. And basically anyone that notices and tries to address an issue like racism or transphobia with a repo suddenly finds a mass of reactionaries coming out of the woodwork.
We had a time of peace everyone was dependent on each other. Now the world is fragmenting and we we’ll probably have war or at least high tension between the parties.
To be honest, the only reason why any of that appeared to be true, or the west appeared to uphold free speech, just like free trade policies and laissez faire approach to international finance, that was all just because Wall St did not feel threatened, that was all just because the propaganda was received unthinkingly for the past 30 years or so. Especially between 2001 and the first part of the financial crash.
What was this alleged time of peace you speak of?
40,000 years ago
@possiblylinux127 @TheOubliette Four years ago was certainly more peaceful than today.
I might frame it as less embroiled in open war and extermination.
@TheOubliette i don’t think there is any way you can measure and/or frame it that my statement is not true.
To split hairs, saying “more peaceful” implies it was peaceful in the first place and even is now, just less so. I don’t think it was peaceful at either point. Which why I am framing it as a status quo of violence that was lesser 4 years ago and greater now.
It depends on how you measure it. That was the start of covid so people were dying
@possiblylinux127 Whether you measure it by the sheer number of conflicts, their average size, or the number of people dying as a result.
russia is untrustworthy country and taints even regular good people by them having to live there. What can they do if kgb or something calls and tells them to put in some code they want? Refuse and watch their loved ones die? Comply but risk telling the community they just did that?
edit. ok maybe that was a bit too harshly put. But dont you think at all that there is possibility that kremlin would exploit something like that?
Finland is an untrustworthy country. America is an untrustworthy country. You want special ttreatment for citizens of the NATO bloc despite constantly running intel operations and huge invasions since WWII and especially the 90s, thag got worse after they successfully desposed the former USSR and turned it into the capitalist shithole of the Russian Federation - which tried damn hard to ally with NATO before we pushed them away. No, it’s not “harshly put”, you have antique, vicious neoconservative politics and racist bullshit to back it up.
@reksas @fireshell There is no such thing as a trust worthy country because they’re all run by politicians and there is no such thing as a trust worthy politician. There is an old saying, absolute power corrupts absolutely.
Oh… USA is untrustworthy country and taints even regular good people by them having to live there. What can they do if CIA/DEA/CIS/DHS/SS/FBI or something calls and tells them to put in some code they want? Refuse and watch their loved ones rot in prison/get deported/disappear/die? Comply but risk telling the community they just did that?
It’s a fact of life that politics permeates everything, nothing is in isolation of the political climate it exists within.
The state of the world today is a function of the politics that got us here, a big change in world politics can have dramatic and far reaching effects.
A healthy global FOSS culture requires collaborative politics to be the flavour of the day—which is unfortunately not the case in a lot of countries currently.
A healthy global FOSS culture requires collaborative politics to be the flavour of the day
Bullshit. There’s no reason people with political differences can’t collaborate on the same project, unless those differences are really huge.
Politics is not just the relationship between two people, it’s the relationship between a person and everyone/everything else in the world.
Reducto ad absurdum: would you suggest a world where every country is at war with everyone else would foster a better environment for global FOSS collaboration than one where the world was at complete peace?
I honestly thought the statement you quoted was entirely uncontroversial. “Healthy” and “global” being the key words, I’m not saying it’s a requirement for FOSS to exist in general or anything.
Well for what its worth there are other counties outside of Russia
“Compliance requirements”? The kernel’s american now?! WTF?
The commonality of all these maintainers being dropped? They appear to all be Russian or associated with Russia. Most of them with .ru email addresses.
Not short-sighted in the least…
Similarly, the driver code remains within the kernel – including for Russian hardware such as around the Baikal CPUs from Russia’s Baikal Electronics.
Not a hypocrite move at all…
Are israeli developers blocked as well? How about all american developers considering how the US foreign policy keeps fucking everyone up all over the place in the name of liberty and freedom… of oil?
Which law under which jurisdiction?
I suppose any law in any jurisdiction you want to use it, don’t you think ?
Guys, are you all really that young to not remember alla the fuss with crypto software ? Same thing here: you want to distrubute something in a country, you need to follow the country’s law, even if they are stupid.
The kernel’s american now?! WTF?
Now we see the intended outcome of the “Inclusively” movement of the past few years.
I can’t wait to see this “Inclusively” extended to China, India, Brazil and others.
We’ll truly be the most Inclusive ever!!! What a great thing!!!
I wouldn’t be surprised if they did something similar for China at some point. (If tensions worsen)
I don’t see them doing anything outside of that
The open source / FOSS movement in China is pretty rad. I use a sweet all platform text editor maintained by Chinese devs only.
People should be more wary of the control universities, NGOs, finance through those, law enforcement infiltration etc from US, Euros, Japan, South Korea, Aus has over open source projects due to technology being such a high national security priority.
Guess we’re just going to be racist and run with the misdirection of criticism of US laws on to foreign enemies. Just go with the flow, I guess.
If they really want reverse brain drain it isn’t my problem, it’s their long term problem. CERN is also making a dumb mistake, all universities are in on this, it’s imperial chauvinism.
I wanna skirt by all the political stuff and ask what that text editor is?
Nope I’m keeping it
Gaslight gatekeep girlboss
Well this is the last thread where I want to open up possibilities of text editor drama, but it is Siyuan
Fantastic to hear! wonderful news. Racists and Xenophobes will try to stop global collaboration, but the real conflict that matters will always be the smart vs the lowiq. FOSS is about humanity first and not any particular sub-category. Everyone who gets in the way is trying to divide and stop FOSS from saving the planet.
I think at the moment FOSS movement has a core of libertarian idealism which historically cleaves to the west when anything is on the line. This is because of academic institutions being dependent on/greedy for financial and political backing, and the control of the time economy of workers by tech corps trying to turn open source into “mow my lawn for free, build character” or by the media platforms which popularizers/online tutors of open source tech and software and operating systems are dependent on
However it is also a worker’s movement in some ways not just a device user’s movement, and I think it will play an important part in the battle over Wall St’s tech cash cow globally.
Racists and Xenophobes will try to stop global collaboration,
Yes! Go on…
real conflict that matters will always be the smart vs the lowiq.
Uff… That’s some serious brainworms right there. How do you call your worldview? IQ Supremacy?
You do realize that the Linux foundation is an American based entity right? It isn’t a shock that it is bound by US law.
They employ Torvalds, Torvalds owns Linux™. Who owns the code?
Yes, those are the only two possibilities going on here
exactly, can’t forget about good old racism
you sure are
I am quite disappointed at the lack of transparency regarding this.
This is dumb. Corporate divestment, sure, of course, fuck their money and their power structures. But open-source developers are not generally gung-ho about the war effort… let alone propping up their local military-industrial complex.
This is the only plan the west has to win the war. Keep fucking over random Russians in the hopes Putin somehow becomes politically vulnerable over this, despite opposition getting weaker than ever throughoit the war and with the onset of sanctions. Now we are asking random Linux contributors, please come back when you’ve overthrown your government for us.
Russia is of course the only country that has ever invaded another country so it’s only fair.
No matter how many vulnerabilities are introduced into software by western allied intelligence agencies, we should never be held accountable for dealing with them ourselves. After all Russians are uniquely responsible for their tyrannical government because of their Asiatic brainpans.
All those guns are for show, I guess.
Fuck off.
Fact is you know I am right, you just don’t have any principles. You seem baffled some people uphold principles.
Good
This is such an odd thing to do… I really cannot see the benefits for the project doing this. Maybe those maintainers were payed for their work and sanctions prohibit paying them or something?
Or maybe some Russian State backed programmers have tried to slip in backdoors in various key systems, numerous times. Including one that almost went live on millions of machines.
it isn’t like Americans would do that, right?
Even Wikipedia, which is a shockingly bloodthirsty pro-NATO outlet, admits there is zero proof that a “Russian state actor” did this, there are just “western security experts” claiming it (as usual), and opinion is divided.
Did you even read this or do you just vaguely remember a Wired article? I have been able to see through these obvious ploys since I was a teenager reading about cold war propaganda (okay that was like 5 years ago but still SMDH)
Great sign for discussion that hacking is still being treated by Redditors as Russian, Chinese, and North Korean until proven otherwise. 🤕
Lol
I wonder if there are any official US documents declaring an intent to hide cyberattacks under the flags of foreign nations? 🤭 Wouldn’t that be droll?
Even Wikipedia, which is a shockingly bloodthirsty pro-NATO outlet, admits there is zero proof that a “Russian state actor” did this, there are just “western security experts” claiming it (as usual), and opinion is divided.
Well, I don’t think that a “[insert your preferred state] state actor” would ever coming out saying “yes, we tried to to it”.
Not to say that what Wikipedia say is false but on the other hand I am not sure how to check if it is true, in these cases.
It’s literally just speculation. Even if it were true, what the fuck does that have to do with the nationality of a few Linux contributors? Have you people cracked?
It’s literally just speculation.
I agree.
Even if it were true, what the fuck does that have to do with the nationality of a few Linux contributors?
Probably nothing, I agree. But since there are sanctions against Russia I suppose they have not really any other choice.
Is that sad ? Yes, but it is life.
By keep it vague and saying their hands are tied they also get to dodge any kind of scutiny on what decisions they actually made before doing this.
@griefstricken @chaogomu Seems to me, after the Stuxnet incident, any US claims of bad foreign actors are a bad case of the pot calling the kettle black.
The funny thing is Stuxnet is a good example of how sanctions can backfire. We used a supply chain attack and the Iranians hardened their systems. Can anyone really claim it was any different than another Mossad “humiliate them and hope something happens” operation that ultimately blew the cover off years of intelligence work?
The Lebanon pagers attack, Russian sanctions and CERN or Linux creating reverse brain drain will continue to backfire, on our ability to even twist these screws, also on our supply chains in countries which consider themselves a US target or even just a middleman.
But where do you have information that it was russian state? There are many state actors capable of doing this. Just saying
What I see is that someone is arguing the point that all Russians are criminals. If someone is sending bad code, they usually just get banned, this time it’s preventive measures based on ethnicity.
My first thought is that this was to make Linux palatable to western regulations, like how companies can’t use Kaspersky anymore. Stupid if I’m right because it’s not like the fsb is going to sneak spyware into Linux.
Edit: Linus commented on this and I was right: https://lemmy.world/comment/13034386
Possibly, but that’s a much smaller project being run by 1 guy. Linux has a lot more people and reviews involved.
No one knows yet. Given the scale of the operation it’s most likely a large organization.
They very well could. However, it also could come from some US intelligence agency as well.
LMFO I was on the reddit thread reading this post and coudn’t believe my eyes reading the comments. We’re living truly revelation times. Like you said this is a long due wakeup call for the rest of the “uncivilized” world.
I think the Russians that would want to backdoor stuff would just use a name like John.
https://www.tomshardware.com/news/linux-fellow-bans-university-contributing-kernel Or just suggest they back door the kernel to an American university
Error 500 can’t upload the image but check these names for ideas on your next Russian puppet account:
https://imgur.com/gallery/even-more-american-names-from-that-japanese-baseball-game-6HAtN
Edit…I wasn’t calling HIM a Russian troll. I was suggesting to use these names the next time AnYONE makes a Russian puppet account. Sorry, language.
Mine?
No I’m getting error 500 when trying to upload a photo. So I linked an imgur of what I was trying to to reference. It’s from a Japanese baseball game they marketed in America.
Oh! No, you’re not a Russian puppet account. I was saying the next time the Russian troll farm needs new names try the ones I linked.
Also from seemingly reasonable commenters there are many arguments around security coming up. I don’t get how one can jump to that idea? This obviously has nothing to do with security, it’s about sanction compliance. And yes, likely a pretty pointless sanction compliance in this instance, as the sanctioned entities don’t have a direct benefit from having an employee name mentioned in the kernel. However that’s not how sanctions work, both just because, and also intuitively it makes sense: Sanctions wouldn’t be enforcable at scale if every single case would have to be judged on merit - it’s hard enough to enforce them as is.
And btw I so hope most of the comments on here are Russian trolls, but I fear many are people that fully drunk the Russian trolls’ cool-aid and are now fully brainwashed…
Please report those comments so we can remove them too plz.
he makes me want to switch to bsd
is bsd safe from this? where is their foundation based?
university of california
Now what the actual fuck
Linus gives it a full green light and refers to negative reactions as Russian bot attacks
https://www.phoronix.com/news/Linus-Torvalds-Russian-Devs
He’s Finnish by heart even though he lives in the US. I think it is probably a pretty big worry for him that Russia might invade Finland.
I doubt this is something that he would initiate but if there was any pressure from other parties (I’m sure there was) I don’t think he is going to fight it.
he’s just an American nationalist at heart. his dad was a member of the Russian communist party and his biography seemed to make clear that rebelled from that.
socially he’s not terrible but when the war drums come beating he’s stepping in line for the stars and stripes
I know you are saying this is a bad thing but as an American I have no issues with it.
deleted by creator
American national can take many forms. The kind the person is probably the kind based in American idealism (think superman, Captain America, “liberty and justice for all”) and less the kind based in racism.
socially he’s not terrible but when the war drums come beating he’s stepping in line for the stars and stripes
Like pretty much every Finn would these days, really.
I understand that.
But he also sits at the heart of the open-source community, and his actions might ripple through the entire sector. With this much influence, allowing your personal fears to chime in is unacceptable.
Once we start fragmenting open-source the way we fragment everything else, we lose the very spirit of it and open doors to so much potential power abuse.
Besides, I really don’t see how restricting Russian maintainers would prevent Russian military aggression. If something important there is powered by Linux, it can be forked and modified to serve a specific need. Not to mention Finland is now part of NATO.
Russia might invade Finland.
Finland’s part or NATO now. Putin may be a lot of things, stupid ain’t one of them. Ironically, this kinda backfired on him but can’t say it was unexpected considering most scandinavians love the american dream.
Actually insane lol. But you can’t expect much from anybody who willingly takes money from IBM.
