so are we okay with banning development time donated to foss because of nationality?
are these people found to support heinous shit or is this just wartime shenanigans?
Dude is Finnish, from his own mouth, it’s just normal racism against an aggressive imperial, like how people hate the us
Edit: like how people from lemmy.ml hate Americans, if that wasn’t clear
finland has pretty bad climate-change-exploitation-fucking-over-the-third-world dealings in my country, despite enforcing seemingly very good stuff inside their own borders so meh, id argue they aint close to the victims they make out to be. some would argue that as a consequence for having a strong socialist influence.
i have mixed feelings about them as a country, but i recognize there are plenty of good (and even well known good) people on there because of the aforementioned good stuff, linus included. for different but not that dissimilar reasons i think contemporary russian citizens should not be blanket banned from helping everyone out.
finland has pretty bad, climate-change-exploitation-fucking-over-the-third-world dealings in my country
Which country is that, and what dealings?
brazil, and they do some shady stuff in the amazon. mainly fuck you extrativism.
Can you find any links where one can read about this?
If Finland is wasting tax payer money to something shady, it should be brought to the local media.
heres one i found with a quick google.
this one is about southeast/northeast brazil, but the finnish are involved in aggressive extractivism in northwest brazil (amazon rainforest) too, and i think its even worse over there. you will dig up pretty horrible things if you do some research on it. about most of the western 1st world countries tbh.
https://en.m.wikipedia.org/wiki/East_Karelian_concentration_camps
As if Finish people had any moral ground here
Sure nice of Russia to look after only the breeding stock. Seems some things never change.
yeah i aint putting my ass on the line for that country, thats for sure.
It’s “for any county” to me. Nationalism is a cancer
Shit like this is why I use the most generic yankee cowboy aliases online.
the comments on the article started off pretty good but pretty quickly devolved into a cancerous combination of NAFO and Hasbara.
Hm i never coded a line in my life, but i always wondered so honest question to the experts here: is it realistic that someone codes security back doors so hidden in other bad or wrong documented code, that nobody recognizes it in OSS community? I mean code is getting more complicated and specialized, dont you need more and more human resources (more than one person and hopefully not all with a bad intention) to check over that code? If im correct you shouldnt let more code into your software than the community is able to check an validate several times… Doesnt mean it has to be russians that need to be excluded idk
Interesting answers, thanks!
This might not be super useful if you don’t write code but I always found the contest submissions fun to read and try to figure out for the https://www.underhanded-c.org/ contest.
They break down and explain the runner up and finalist for each year and how the attack works. It’s usually something very subtle that most people wouldn’t catch.
Yes, not only is it realistic, it has actually happened. It’s easier to write code than understand it. Even when reviewing code, you miss more or less obvious issues. Not to mention intentional vulnerabilities that can be sneaked in over multiple commits and time span long enough to make reviewers forget the larger context.
There will be a million security issues across all OSS. Some of it will be intentional; if so definitely don’t expect it to be a “findable” back door. It will be a set of vulnerabilities across several projects, that when combined allow the perpetrators privilege-escalations or a known path through a security system. Removing “Russians” from contribution doesn’t actually stop that, everyone can use a VPN and work as an American or whatever, but it does send a signal.
Some old folk are reminded of https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States
Ah, the Crypto Wars…
sir this is a public fora, people speak as they wish?
better reasoning comment up:
https://thebrainbin.org/m/linux@lemmy.ml/t/348217/Phoronix-Linus-Torvalds-Comments-On-The-Russian-Linux-Maintainers-Being/comment/3467412#entry-comment-3467412
The security issue is very likely scenario. If you’re in Russia, you can go to jail at any moment on totally bogus charges. It is very easy for FSB to pressure some random kernel maintainer into adding hard to detect backdoor into their code, it will be XZ situation all over again.
This actually makes common sense.
Freeze peach doesn’t mean you can call people "fag"s. By using that word you’re 1. insulting those who express their gender as they wish 2. calling us names
Also, my point is that there is precedent for laws to geopolitcally restrict open source. I agree that there is a real security issue.
I’m a soy boy
sir this is a public fora, people speak as they wish?
As you know, they do not.
Oh, did I get whooshed by a meme? :(
Lolz. Please… continue. Don’t leave us all in the lurch to explain your crazy ideas to yourself. Share with the group!
No, you’re linking to a conspiracy theory in Wikipedia.
What? No: I am a graybeard, and I lived through those software embargoes.
removed by mod
Lemmy was built by communists. you would be better served by going back to Reddit.
are the tankies in the room with us right now
People are upset at Linus like he started the war
Russians FAFO
As a finn, I understand that there are probably legal reasons for doing this.
I just wish they would be transparent and share those reasons with us. The Linux kernel is certainly not the only free software project that is impacted, if this comes straight from EU/US sanctions. Maintainers of other projects have a lot of interest in what is happening.
Transparency is also important because if EU/US policy/sanctions are causing issues for free software projects, then that discussion needs to be public, so that there is a chance to amend the policies if necessary.
Politics should not be on FOSS development.
deleted by creator
That is hardcore wishful thinking, the nature by which critical digital infrastructure is developed and maintained is of keen importance to political systems everywhere. This situation was inevitable with the ongoing escalation of war
That’s why the “should be” I guess, though that’s not to say there aren’t idiots (right in this thread too) actually shilling for this.
If current open source licenses still have flaws like this, we’re gonna need new ones.
The F in FOSS stands for politics
The legal reasons was because the Linux Foundation is based in the USA and the targeted devs worked for companies explicitly sanctioned by the USA. Linus said he knew and trusted the devs he was forced to delist.
The Linux Foundation needs to relocate to some stable neutral country like Switzerland.
Switzerland is controlled by the US
Suggest a country then
deleted by creator
Banning Israeli contributers too?
Unironically I would support it
I would never. The idea that any person should be disbarred from contributing to FOSS due to the actions of their government, is incredibly exclusionary. Linus is acting as much like a toddler as daddy USA is.
The funny thing is the Baltoids actually believe this will be good for Linux. They genuinely have no idea what they have done.
The west is sanctioning Russia because their daddy US tells them to. Similarly they don’t sanction Israel because of daddy.
deleted by creator
ALL of them? Not at once. Usually.
It’s not about punishing Russia, is admit preventing vulnerability to a country that has an ongoing effort to compromise infosec.
Not at all saying Israel doesn’t suck balls right now.
deleted by creator
They would never!
Free as in… obeys US foreign policy
In the article, Linus explicitly said that it’s not just a US thing:
And FYI for the actual innocent bystanders who aren’t troll farm accounts - the “various compliance requirements” are not just a US thing.
That’s more like his opinion or a post facto justification. Turns out it is a US thing.
If your company is on the U.S. OFAC SDN lists, subject to an OFAC sanctions program, or owned/controlled by a company on the list, our ability to collaborate with you will be subject to restrictions, and you cannot be in the MAINTAINERS file.
So to get back, you have to basically prove that you have no relations with OFAC SDN companies.
This update is from https://lwn.net/Articles/995186/
I’m pretty sure not just the US wants Russia sanctioned to the oblivion. All of the Europe that borders Russia wants that. Now why would it be like that?
It makes no sense to discuss here.They probably follow Russia’s narrative of Europe being a puppet of the US.
We’re gonna start seeing large open source communities start to break into smaller ones because of sanctions from now aren’t we?
This sets such a bad precedent…
The bad precedent was starting a war
Yeah I’m sure the maintainers are in talks with Putin directly
Maybe not Putin personally, but it’s an autocracy. If/when the Russian government comes knocking on their door and tells them that they need to do x, y, and z with the kernel, otherwise they will mysteriously fall from a high window (an extremely credible threat these days), what do you think they’ll do? What do you think you would do?
Sucks for the majority of Russian developers that want to participate in the FOSS community, but I get it. It is a national security issue.
This is kind of how sanctions are meant to work. We could have a discussion about whether or not sanctions should be used as it is sort of a form of collective punishment, but that’s a separate argument.
They want regular Russians to “feel it,” so that there is more pressure from the populace to get them to stop doing the shit they were sanctioned over. Obviously, in an autocracy, it’s much easier to just ignore and suppress dissent. But, generally, the idea is to make everybody feel the consequences for invading a sovereign nation.
If/when the Russian government comes knocking on their door and tells them that they need to do x, y, and z with the kernel
CIA could do that too.
Ah yes. The Finnish CIA.
They have one?
Any moderator want to actually let me know why my comment was removed, or…?
Is pointing out the dangers of working in an autocratic nation against the rules?
I can see the comment dude.
Arguably, ITAR set the precedent in the 1990’s during the crypto wars. USians used to have to travel to Canada to work on cryptographic code in OpenBSD because their commits couldn’t legally be exported.
They’ll fight over fonts meanwhile WordPress is on fire and where are the forks?
Or a name
This article gives a good discussion about a potential coming East/West political split in the world of FOSS.
https://thenewstack.io/avoiding-a-geopolitical-open-source-apocalypse/
One of the worst news I’ve read lately.
Why aren’t Israeli maintainers removed? Oh because linux is basically owned by IBM now.
The linux kernel isn’t free anymore. It’s open source, but not free.
Based Linus as always
