this post was submitted on 24 Oct 2024
157 points (95.4% liked)


The title really undersells it, it seems like under a Biden Executive Order, free/open-source software will have to ban all Russian contributions. It's unclear if American developers would be allowed to contribute to Russian software like Nginx.

[–] Enkers@sh.itjust.works 38 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

From the other phoronix article:

> UPDATE: When asked whether Linus Torvalds was under any sort of NDA around this, he responded:
>
> "No, but I'm not a lawyer, so I'm not going to go into the details that I - and other maintainers - were told by lawyers.
>
> I'm also not going to start discussing legal issues with random internet people who I seriously suspect are paid actors and/or have been riled up by them."

I don't love this decision, but I think if you're willing to read between the lines here, it sounds like maybe he didn't have much of a choice. Then again, Torvalds also seems pretty happy to comply.

In other areas, sanctions don't always mean a complete ban. For example, Ian Nepomniachtchi is still allowed to play chess internationally, just not under the Russian flag. This seems needlessly punitive unless there are legitimate security concerns.

[–] InverseParallax@lemmy.world 23 points 2 weeks ago (1 children)

> In other areas, sanctions don’t always mean a complete ban. For example, Ian Nepomniachtchi is still allowed to play chess internationally, just not under the Russian flag. This seems needlessly punitive unless there are legitimate security concerns.

This is absolutely not an absolute ban, they can contribute code, they simply can't be named maintainers with full commit authority.

Also apparently they are intending to re-add those who can be confirmed as unaffiliated with the Russian government.

[–] aidan@lemmy.world 11 points 2 weeks ago (1 children)

> Also apparently they are intending to re-add those who can be confirmed as unaffiliated with the Russian government.

Do you have a source for this? Because that would be really good news.

[–] InverseParallax@lemmy.world 15 points 2 weeks ago (1 children)

In the patch.

> Remove some entries due to various compliance requirements. They can come back in the future if sufficient documentation is provided.

It was vague, but this seems the clear intent.

[–] aidan@lemmy.world 7 points 2 weeks ago

But it's not clear that the compliance requirements are about being government affiliated...

[–] aidan@lemmy.world 6 points 2 weeks ago

Yep, my reading of the law is the ban is specifically to do with "providing software services to Russians" and somehow collaborating on open-source software would be that. But I don't entirely understand how.

[–] sin_free_for_00_days@sopuli.xyz 26 points 2 weeks ago (1 children)

Linus either makes me think he's a dick, or he makes me laugh. Sometimes both. I liked his response:

> Greg Kroah-Hartman who authored the patch dropping the various maintainers has yet to comment on the mailing list thread, but a few minutes ago Linus Torvalds chimed in with his opinion. Linux creator Linus Torvalds wrote:
>
> "Ok, lots of Russian trolls out and about.
>
> It's entirely clear why the change was done, it's not getting reverted, and using multiple random anonymous accounts to try to "grass root" it by Russian troll factories isn't going to change anything.
>
> And FYI for the actual innocent bystanders who aren't troll farm accounts - the "various compliance requirements" are not just a US thing.
>
> If you haven't heard of Russian sanctions yet, you should try to read the news some day. And by "news", I don't mean Russian state-sponsored spam.
>
> As to sending me a revert patch - please use whatever mush you call brains. I'm Finnish. Did you think I'd be supporting Russian aggression? Apparently it's not just lack of real news, it's lack of history knowledge too."

[–] FlyingSquid@lemmy.world 15 points 2 weeks ago

> Linus either makes me think he’s a dick, or he makes me laugh.

He's Finnish, so that checks out.

[–] UnfortunateShort@lemmy.world 13 points 2 weeks ago

I mean, it's on Phoronix to take this kinda out of context, but on Linus how he phrases things. You would think after years at the forefront of one of the most important FOSS projects, he'd know better.

So to add some missing context: We are talking 11 maintainers, it's not like hundreds have been removed. In addition, it seems like most of them are employed by Russian companies, not private individuals. Their code on the other hand has not been removed.

What bothers me is that it's unclear whether future pull-requests would be rejected as well, or whether this is a matter of association.

IMO it would have been nice if Linus focused on some details regarding this action in his response, or alternatively not responding at all. Even if all he can say is that currently he can't comment on it, it's definitely better than borderline xenophobic rambling and getting mad at supposed trolls, feeding trolls if anything.

[–] antihumanitarian@lemmy.world 12 points 2 weeks ago (1 children)

I haven't gone through all their work, but some of the delisted maintainers were working on driver support for Baikal, a Russia based electronics company. Their work includes semiconductors, ARM processors. Given the sanctions against Russia, especially for dual use stuff like domestic semiconductors, I would expect that Linus and other maintainers were told or concluded that by signing off and merging their code they'd be personally violating sanctions.

[–] aidan@lemmy.world 1 points 1 week ago
[–] henfredemars@infosec.pub 5 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Looks like a dumb and ineffective move in general. No public answers as to what the supposed compliance requirements are with the patch. And, removing credit or banning individuals based on nationality seems like really poor precedent.

~~I disagree that this has anything to do with any Biden executive order. In fact, the patch doesn’t say anything about what those requirements are or what prompts the change. I don’t see why FOSS in general even necessarily needs to comply with US regulations. I think we should refrain from this kind of speculation.~~

EDIT: Linus later confirmed the sanctions were the cause of this action on the mailing list.

[–] aidan@lemmy.world 14 points 2 weeks ago (1 children)

> I disagree that this has anything to do with any Biden executive order.

That I based on another source (video by Bryan Lunduke) that claims to have insider information.

> I don’t see why FOSS in general even necessarily needs to comply with US regulations.

From what I can see in the law, providing licensed software, even if it is GPL licensed, would be in violation of Executive Order 14071.

[–] henfredemars@infosec.pub 9 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

I’m sure an open sourced project hosted in China would gladly tell the US to shove their executive order up their collective ass.

That is a valid concern though for the Linux Foundation. I hope they do not get involved in politics. I really hope not.

Claims of insider information… Certainly suspicious circumstances. I suppose we won’t know until more information becomes publicly available.

[–] aidan@lemmy.world 3 points 2 weeks ago (1 children)

> I’m sure an open sourced project hosted in China would gladly tell the US to shove their executive order up their collective ass.

Why? There's plenty of great open-source projects made by Chinese developers... People are not their governments, and there are good people and good developers everywhere.

[–] henfredemars@infosec.pub 10 points 2 weeks ago (2 children)

Right. The ones outside of the US don’t need to comply with US law. Perhaps I’m missing the point?

[–] aidan@lemmy.world 9 points 2 weeks ago

Sorry, I completely misread what you said. I thought you were defending the executive order because "China would do the same." I honestly have no clue how I got that from what you wrote. My bad, I agree with you.

[–] orclev@lemmy.world 2 points 2 weeks ago (1 children)

Correct me if I'm wrong, but I thought Europe also had sanctions in place against Russia at this point now as well? Seems likely this would be an issue in pretty much any NATO country not just the US.

[–] henfredemars@infosec.pub 2 points 2 weeks ago

True! The sanctions aren’t necessarily US centric.

[–] orcrist@lemm.ee 5 points 2 weeks ago (1 children)

Linus says your reasoning is inaccurate.

[–] aidan@lemmy.world 8 points 2 weeks ago

Yeah Linus just said "Legal reasons" but made it clear he supports it.

[–] foggy@lemmy.world 1 points 2 weeks ago

The social engineering on open source maintainers that create lesser understood security implications are basically toast.

:(

I really don't know what the answer is other than HEY EVERYONE PLEASE HELP but like, glhf.

Sux.

[–] TheGrandNagus@lemmy.world 0 points 1 week ago

Fucking based.

[–] mlg@lemmy.world -1 points 2 weeks ago (1 children)

I wonder if there is any merit to this or if the government actually suspects or believes there is a large risk giving certain maintainers access.

I could actually see NSA protecting Linux with reasonable intentions, but I could also just see the White House making dumbass moves because some shmuck wants credit for "securing" something.

Either way, I don't think it's large enough that it's much of an issue.

[–] aidan@lemmy.world 3 points 2 weeks ago (1 children)

I don't think this is about security implications, but I may be wrong. My understanding is this is related to the export sanctions, meant to hamper the Russian economy.

[–] mlg@lemmy.world 5 points 2 weeks ago

That seems weird considering anyone can easily access and fork it if they want.

Reminds me of the old crypto algorithm export laws which fell apart for the same reason. Now curve25519 is even in FIPS as the default next to the NIST curve.