Posted by koutsie 4 days ago
>No, but I'm not a lawyer, so I'm not going to go into the details that I - and other maintainers - were told by lawyers. >I'm also not going to start discussing legal issues with random internet people who I seriously suspect are paid actors and/or have been riled up by them.
Which I find pretty concerning statements, quite a disservice to the community. It's a global community, and here the maintainers take some action without explanation. They don't even have a communiqué at hand to tell people what this action is, why it was taken, and which alternatives were considered but rejected. This is the bare minimum that I expect of the maintainers of a piece of software that is very critical to many millions of systems worldwide. Counting on the goodwill of users is not acceptable for an operating system that underpins the security of people's computers.
You can’t cry foul when the group is literally providing you with free software. Open source institutions don’t own anyone anything beyond open software.
What specific law are you talking about?
As an open source community leader, putting up consists of leading well, and transparently. It's not just a coding role. He may have inherited the leadership role by being the original coder but he has to keep it by being a worthy leader.
I speculate Linus or Greg received the equivalent of a National Security Letter. Otherwise they could point to the regulations.
While a little bit too much of a guess, it's quite possible that whatever three letter agency finally had a high-confidence note on who was behind the XZ backdoor and decided to issue an (blatant) order to kick out all Russian maintainers, because that's how USG usually works.
It's not their software. Linux kernel is written by thousands of people from all around the world.
Russia is an objectively fascist (not technically "nazi" of course) state, though. It literally ticks almost all the boxes.
Russia is bad, but that doesn't mean I'm in support of bans like this without a reason. Just because you "have the reason to commit crimes" is not strong enough a reason to exclude you! How child's bully it is!
So we agree that invading other countries is wrong. However you believe that a country has the inherent right to do anything (including imprisoning, murdering them etc. etc.) to its citizens and face no external repercussions? At the same time other countries do not have the right to not do business with that country or to prevent its citizens from doing that. Seems slightly contradictory? No?
> not strong enough a reason to exclude you
IMHO that just sounds like a pretext to me and the removal itself seems like mainly a political statement (especially considering the rhetoric coming from Linus himself).
Not that I'd have any issues with that whatsoever (if those people really want to keep their maintainer status so strongly they could've just moved to another country like a over a million of other Russians did.)
And saying "they could easily have emigrated" shows that you have zero touch with the common man. No, many people can't "simply leave" even if their profession is in demand.
Edit: ah, I now see your other comments. No further discussion needed, don't forget to label me either a paid troll, a useful idiot, or both.
Mao's Red Guards. Because these ducks quack like those ones did.
You’re insane, if you think that this is grey situation.
Vanishing empire invaded another country with intent to occupy and subjugate another. Expecting that one hand can rape, kill, steal while another participates just like nothing happened is psychopath mentality.
You're saying that you don't trust Torvalds. I do trust him.
Linus said there are legal reasons that involve laws and lawyers and he's not going to go into more detail on the internet. If you had responsibilities to other people as Linus does, and those responsibilities included discussions with attorneys, you'd be a fool to talk about the details i public, so your personal needs in this matter don't see important to me.
He also says he's not US but Finnish, and given the history of Russia's attitude toward Finland, he's fine with it. He also says that what's involved here is not simply US law or policy, so laying the blame for this on the US is misguided.
I don't know if that's accurate, but seems feasible. If so I'm 100% behind it.
It'd be nice to know the exact reasoning for this, rather than just see a commit without any context of why they're being removed. I'm pretty sure we'll know in due time.
I highly doubt anyone banned will even try to send "sufficient documentation". The wording is as vague and arbitrary as it gets, and the underlying tone sounds to me not like "we have such and such requirements", but like "some Russian-sounding names are banned, but we still have to demonstrate there is a due process".
Reminds me of banks. Banks are fined for not having processes for detecting money laundering. Not money laundering, mind it, just having "inadequate" processes. If such a process flags someone, that someone is blocked and they should provide "sufficient documents", but the bank is not allowed to tell them why or what, that would be "tipping off", which is illegal. And then it all comes down to bank's internal policies (that the bank is not allowed to disclose) or even a personal relationship with a branch manager.
Isn't that how most compliance regulation works? You can't force companies to have a perfect record of preventing something, no matter how you structure things, so instead of trying to do so, you setup something that will at least preventing it somewhat. And then you fine the companies who don't do anything to prevent the issue.
That's not true! There are still many Russian maintainers in the kernel, but they are not based in Russia. They only banned individuals, based in Russia, who are employed by sanctioned companies.
They just happened to still use their older .ru email in the MAINTAINERS file.
Not much exact reasoning added, if you ask me. Quoting:
> Ok, lots of Russian trolls out and about.
> It's entirely clear why the change was done, it's not getting reverted, ...
> And FYI for the actual innocent bystanders who aren't troll farm accounts - the "various compliance requirements" are not just a US thing.
> If you haven't heard of Russian sanctions yet, ...
> As to sending me a revert patch - please use whatever mush you call brains. I'm Finnish. ...
is it? the actual specifics of the sanctions matter, I don't think any of the US sanctions would prevent them from participating in kernel programming.
I saw some comments on Reddit about people with @gmail.com (I think), but other comments pointed out that these people were not actually removed and were just present on a screenshot.
Care to name a few?
They seem to have a lot of what kids today would call bangers.
Some of my favorite Argentine songs: Donde Manda Marinero, En La Ciudad De la Furia. Fabiana’s album that I torrented back in the day happens to be covers of the famous songs and I like a lot of them too
Disclaimer, I just happened to know some Argentine songs that are total ear worms, not necessarily an expert in Argentine music
In any case: (1) there has never been a "civil war" in Ukraine in modern times; (2) Azov was formed in May 2014, well after Russia's invasions of both the Donbas and the Crimea were well underway; and (3) nevermind the rest.
Any self-respecting maintainer will not come back after this.
Linux might have a lot of developers, but has a hard time finding and retaining maintainers.
This is not a good development.
EFF should start a fork if any part of them still stands for what's in their name.
It's not a big deal for Linux either, the code in question is mostly for devices that are not sold in the west. So no loss there.
That's the beauty of open source, you can say no to contributions for any reason whatsoever, and the contributor can fork your code and continue to develop it as they please.
I live in a country which may one day find itself under US sanctions, and I'm been busy cutting reliance on American services, just to avoid having to migrate everything in a rush if that happens. Everyone here understands this (for example, my day job migrated off GitHub to self hosted gitlab back in 2022), and I can't imagine many people will be interested in spending years of effort to then possibly be kicked from the project because they chose to be born in a wrong country.
Something like 80-90% of said contributions are essentially corporate.
If Project P in Country A is identified by Country B as a potential target for planting cyber-attack-enabling backdoors, Country B has an incentive to find people to put a backdoor in P.
If Country B is a free country with rights and ethics, they will say "Help us put a backdoor in P. We'll pay you very well for services rendered," or try to get someone who already works for Country B intelligence into P's management structure.
If Country B is an "evil" country, they will do all of the above, but will also tell people of influence in P who live or have family in Country B or its allies, "Help us put a backdoor in P. If you refuse or if the backdoor doesn't work or if the legitimate workers of P find it and remove it before it helps us, you'll be arrested and/or tortured and/or killed and/or your family too."
Removing Russian based kernel maintainers from positions in which they could conceivably help insert a backdoor into the kernel hopefully removes the incentive for the Russian government to threaten (or carry out) horrific violence against these individuals and their families.
register a free gmail account and come up with a fake name. Gotcha. Certainly no bad guy will ever think of this.
I think Australia had something called Technical Capability Notices (TCNs) back in 2018? For legal entities for sure, not sure about hobbyists.
The last paragraph also makes the whole situation sound like someone cares for Russian developers' well-being. I highly doubt it was ever the intention.
It also made me realise what a cushy, insular world I live in not having to worry about those threats when I write software. Made me more aware of what others might face.
When a society starts shadowboxing figments of its own imagination, that is not a good sign for the health of the society.
1. The mechanisms for its existence exist
2. There is motivation of a large enough scale
3. The scale of the actors is large enough
The Linux kernel is very large, and nation-states like Russia are also very large. There is a very high motivation for a backdoor to exist for the Russian government. And the mechanisms are certainly in place to create such a backdoor.
So, I conclude there would absolutely be a Russian backdoor planted, if it isn't already. For the same reasons I conclude Windows probably has multiple backdoors for US agencies.
As a side-note, the scale of the Linux Kernel matters here. It's over a billion lines of code. It's truly trivial to sneak in an exploit and have it never be discovered. You can't prove a negative here - just because we haven't seen an exploit doesn't mean they don't exist. Also, we have found MANY bugs in the Linux kernel. Are they exploits intentionally planted? Virtually impossible to tell. Some bugs have existed for decades before discovery.
You should assume your operating systems already contain many exploits. Thus, we have tools like encryption, firewalls, and trusted repos to protect us anyway.
Note this doesn't mean I support the move. Certainly, any other country could implant backdoors (and probably have already). However, the Linux kernel kind of sort of belongs to the West, and the West kind of sort of has an alliance. So it makes sense why Russia is singled out.
> the Linux kernel kind of sort of belongs to the West,
I don't agree.
For the same reason, I can be highly confident there is at least one person stealing office supplies at Amazon. And I can be highly confident there are some examples of data theft in automobiles. I just use the same principles as above.
> I don't agree.
Okay. How?
The vast majority of Kernel developers are from the West and live in the West. The kernel was created in the West. Management is in the West. And the majority of large tech companies are Western, so probably the majority of Kernel users are also in the West.
Therefore, the West has a majority control over the kernel, and they have a huge incentive to "protect" it to how they define that. That's that, and we can tell this is the case because it wasn't Russia banning western devs from kernel development, was it?
Also: on the topic of chaos, this is why the "motivation" bullet point exists. If there's no motivation, I can't be sure, due to chaos. Chaos means even things that should happen may not. Motivation, particularly of the financial variety, cuts through the chaos of humanity. I am very confident in asserting that and I think pretty much all of history supports that.
True life-changing money, in all absolute sense.
Not that I disagree with the move 100%, but I don't think it's that clear cut.
Linus holds the trademark. The copyright holders are the contributors to the source code. Nobody "owns" it, that's the point, it's an international project.
cough xz cough
If the Russian government is blackmailing you your are certainly screwed. In US.. well it depends but you could quite easily bring down the people doing this to you with yourself if you chose not to comply. Therefore no rational US government "actor" would engage in something like that outside of extreme circumstances.
I personally don't see much difference between "going down" and "going down together with other people". At least for myself and my family. I'm screwed anyway.
the Linux User Group of Northern Virginia, the suburb of DC with all of the money, used to hold their events at local Palantir office.
lotta Red Hat contracts with the FedGov. And RH commits a lot of code to the kernal and other FOSS projects.
If your system relies on people being in "a free country with rights and ethics", then you have a bad system widely open to abuse. After all, who decides which country is "free" and which is not? White house? Should you exclude people from all "non-free" countries?
People/companies do this because lawyers tell them that there is a risk that the activity may violate sanctions. And yes the lawyers are probably overly conservative, but that's because there often isn't a way to know for sure whether something is actually a violation until you end up in the courtroom.
You've outlined a justification based on a kafkaesque stockholm syndrome vibe. The system doesn't work as well as it's being advertised, does it?
Not being in active occupation war would be a good start.
Governments in US and other democratic states would be risking a lot more if if other government agencies, courts, media etc. figure that out. Therefore as long as they are somewhat rational they are less likely to engage in something like that.
Any equivalent would be more or less entirely downplayed or ignored by Russian media. Did the same happen in the US/etc.?
A member of the House of Lords, Lord Lea, has written to the London Review of Books saying that shortly before she died, fellow peer and former MI6 officer Daphne Park told him Britain had been involved in the death of Patrice Lumumba, the elected leader of the Congo, in 1961.
When he asked her whether MI6 might have had something to do with it, he recalls her saying: "We did. I organised it."
And in modern times. Russia would be screaming out of their lungs and threatening nuclear war if CIA or MI6 murdered someone in Moscow with plutonium tea.
https://en.m.wikipedia.org/wiki/Poisoning_of_Alexander_Litvi...
You can also use some examples from the Boer war or even the Opium wars...
Nobody is equating Putin with Stalin either (he's more of a miserable version of Mussolini if we're being fair...)
How child play and naive you're thinking of politics. If Russia ever had that degree of power to control the behavior of its citizens, it would have already ruled the world.
You can't even fully control a 5-person band and you're telling us that magically Russia is able to control millions of people, amongst which none of them know justice or human rights enough to leak any info. You know, even under the infamous assassin attempts from FBI, Snowden managed to flee to Russia. How can Russia be more powerful than the US in this way?
I'm not saying good words to any regime. I mean both the US sanction and the Russian invasion suck. I don't want another country bossing over what you can do, and I don't want another country pointing guns on your head either.
They’ve literally killed most powerful and influential opposition leader on open display. Use your brain, it’s not hard.
To this casual bystander it seems like they usually hurt innocent citizens far more than the leaders of the usually authoritarion regime that it targets.
That's kinda the point. The common folk put pressure on their leaders to correct their behavior.
Has that strategy ever worked?
But sure.. usually it doesn't really work out.
Of course weakening the target country economically, politically and militarily is still better than nothing,
When the US illegally invaded and devastated Iraq in 2003 under the fake pretense of WMD weapons, no sanctions against the US from the other Western countries followed. And of course the US didn't sanction itself and the American people reelected the president who started that war instead of surrendering him to the International Criminal Court.
So, if one constructs a logical chain from that, invading a country doesn't lead to any punishment, neither internationally nor domestically.
Do you not think that at least 50% of all people in Russia would vote for Putin or his affiliates (even if the elections weren't falsified)? Therefore most people in Russia are certainly not innocent.
Nor are Americans, by this standard - what we've done directly in Syria & Iraq is quite bad and enjoyed substantial popular support.
We can and know that. Just talk with your fellow Russians.
> "lowest classes"
I find it hard to believe that there aren't plenty of people who are middle class and above who support the regime. After all Russia's economy is almost entirely based on raw resources extraction and (now) military related industries.
> If your image of the Russian society is based solely on US left-wing media
And yours is based on Kremlin propaganda channels and media sources? See what I did there? Both assumptions are equally valid/invalid and neither contributes anything to a meaningful discussion besides immediately shutting down the possibility of one existing.
if you really think so strongly about it maybe you should run "Red Star OS" instead
In addition to GDPR (which is EU law but US companies have to respect it too), it may violate local state laws in the US too that you can't delete the account, if someone knows.
Best is somehow rather not to post if you don't want to have your messages recorded and linked to you.
Do you imply that Linux is a technology controlled by Western state actors?
> I would like to remind you of the recent XZ utils backdoor into SSH contributed by a less than friendly nation state.
Would you support a backdoor contributed by a friendly nation state?
Not directly, but sort of? Isn't this specific case an actual example of that?
> Would you support a backdoor contributed by a friendly nation state
The theoretical risk of that somewhat lower. i.e. government actors in friendly nation states could face somewhat serious consequences if they try that and it backfires. Russian government would face no risk or consequences whatsoever if they conspired to murder someone or imprison them on trumped up charges.
Whether we like to acknowledge it or not, the world has been split in two:
Russia, China, Iran, North Korea... and everybody else.
I can deploy an Azure or AWS cloud server right now in any one of several dozen nations, including Malaysia, Indonesia, Chile, Qatar, Israel, and Mexico.
I can't deploy VMs in Russia, China, Iran, or North Korea.
Not just because of sanctions, but because they don't allow me to. It's illegal for me -- I don't even need to specify which country I am in, it doesn't matter -- to deploy pretty much anything in those nations, by their own laws. (Similarly, I can't buy property, start a business, buy shares directly, etc, etc...)
Have a look at the requirements to deploy something into China: https://learn.microsoft.com/en-us/azure/china/overview-check... and https://learn.microsoft.com/en-us/azure/china/overview-sover...
Nothing like this is needed for any other cloud region. I can just pick "the rest of the planet" from a drop-down list at will.
So why should we let "the other side" of the planet gain benefits from our collective works, if they slam the door in our face in response?
Someone who is so dependent on media images that he declares them unquestionable truths in advance is probably unqualified to reason about propaganda.
They even comply with some sanctions and AFAIK aren't actually sending weapons to Russia.
https://ruverses.com/marina-tsvetaeva/readers-of-newspapers/...
https://ruverses.com/marina-tsvetaeva/readers-of-newspapers/...
No it's because aws/azure failed to follow local Russian laws + sanctions imposed by US. If you need Russian vps, you can contact Russian providers.
What’s different about the local laws in Russia, China, Iran, and North Korea?
Except in EU when it comes to GDPR and data processing laws. But they pay well. /s
Maybe you should ask the rest of the world before making such a statement.
Something is happening in Kazan as we speak. In attendance are many among your "everybody else", many of whom have no great love for any of these four. It is worth asking why this might be.
BRICS meeting is currently happening in Russia and the leaders who gathered there represent more than a half of world's population: "Putin returns to world stage hosting 36 leaders at Brics summit in Russia"[0].
>I can't deploy VMs in Russia
Really? You are welcome to click "Start your trial period" at Yandex Cloud. [1]
>Similarly, I can't buy property, start a business, buy shares directly
Of course you can.
[0] https://www.theguardian.com/business/2024/oct/22/putin-brics...
Liberalism is what makes our society great, not paranoia and securitization.
Well, the Linux Foundation which owns the Linux® trademark and employs the primary maintainer is based in the US:
* https://en.wikipedia.org/wiki/Linux_Foundation
Some of the most active contributer employers are Intel, Google, Linaro, AMD, Red Hat, SuSE, Meta, Oracle, Qualcomm, IBM, NVIDIA, TI, Arm, Microsoft:
* https://lwn.net/Articles/972605/
* https://kernelnewbies.org/DevelopmentStatistics
which are based in countries that have Russia on a sanctions list. The main contributer employer based in a country that doesn't have Russia on some list is Huawei.
So given those folks contribute the most code to Linux, they may not want possible complications with regards to possible legal issues.
>The access Russia currently enjoys is the equivalent of Goebbels being allowed to anonymously publish front-page editorials in the Times
there's absolutely nothing you can do about this to prevent this.
troll farms can afford residential VPNs and can network with the US/EU via neighboring neutral countries or their overseas agents.
>while simultaneously contributing code to Bletchley Park co
there's absolutely nothing you can do about this to prevent this.
how do you know that John Johnson contributing code to some widely-used library is not Ivan Ivanson, a KGB sleeper agent? do you know John Johnson in person? does anyone else in your anonymous, informal, nebulous developer clique know any other contributor personally? are you sure that jkldjsafj, qweqweqwe and all the random anonymous guys with anime girl profile pictures who contribute code to a myriad projects are not Russian plants?
>I would like to remind you of the recent XZ utils backdoor into SSH contributed by a less than friendly nation state.
case in point to the above: no one fucking knows who did it. it could be Russia, it could be China, it could be Israel, it could be NSA/CIA.
Fibre can be cut.
I know it's unpalatable, or somehow "an escalation", but when NATO started backing Ukraine and the US imposed sanctions on Russia, the logical move would have been to immediately sever all of their international network links. There's what, a few dozen fibre connections crossing their borders?
The alternative is this: https://edition.cnn.com/2024/09/13/media/right-wing-media-in...
what the fuck are you going to do? do you people not understand how the Internet works? unless you isolate your network from all other networks, it is accessible from any other network.
Just a handful of public clouds and major CDNs dropping packets from Russian IPs would cut them off from almost all Internet services directly or indirectly. Good luck browsing web pages with cdnjs and the like just timing out for you!
Russia can route to the rest of the Internet because they’re being allowed to in the same sense that they can sell oil and gas to Europe because Europeans are allowing them to.
yes, okay, fine, go convince China to do just that
Because his name is "Jia Tan" so he must be chinese. /s
But this change here feels like there was pressure from the DoD or White House. A lot of sanctions seems to be introduced and enforced informally.
> The ban complies with the EU’s 12th sanctions package adopted in December, which ordered companies in and outside the bloc to stop exporting products and technology to Russia by March 20.
That would mean that either A) it's not what triggered this change or B) the kernel wasn't legally following compliance requirements for almost a year
But besides that, that sanction is between EU<>Russia, not sure if that would ultimately enforce the kernel to implement those compliance requirements, unless also agreed and followed by the US.
Some of them, yes, some of them, no. /s
Ok, lots of Russian trolls out and about. It's entirely clear why the change was done, it's not getting reverted, and using multiple random anonymous accounts to try to "grass root" it by Russian troll factories isn't going to change anything. And FYI for the actual innocent bystanders who aren't troll farm accounts - the "various compliance requirements" are not just a US thing.
If you haven't heard of Russian sanctions yet, you should try to read the news some day. And by "news," I don't mean Russian state-sponsored spam. As to sending me a revert patch - please use whatever mush you call brains. I'm Finnish. Did you think I'd be _supporting_ Russian aggression? Apparently it's not just lack of real news, it's lack of history knowledge too.