280
submitted 3 weeks ago by 0x4E4F@infosec.pub to c/linux@lemmy.ml

Official statement regarding recent Greg' commit 6e90b675cf942e from Serge Semin

Hello Linux-kernel community,

I am sure you have already heard the news caused by the recent Greg' commit 6e90b675cf942e ("MAINTAINERS: Remove some entries due to various compliance requirements."). As you may have noticed the change concerned some of the Ru-related developers removal from the list of the official kernel maintainers, including me.

The community members rightly noted that the quite short commit log contained very vague terms with no explicit change justification. No matter how hard I tried to get more details about the reason, alas the senior maintainer I was discussing the matter with haven't given an explanation to what compliance requirements that was. I won't cite the exact emails text since it was a private messaging, but the key words are "sanctions", "sorry", "nothing I can do", "talk to your (company) lawyer"... I can't say for all the guys affected by the change, but my work for the community has been purely volunteer for more than a year now (and less than half of it had been payable before that). For that reason I have no any (company) lawyer to talk to, and honestly after the way the patch has been merged in I don't really want to now. Silently, behind everyone's back, bypassing the standard patch-review process, with no affected developers/subsystem notified - it's indeed the worse way to do what has been done. No gratitude, no credits to the developers for all these years of the devoted work for the community. No matter the reason of the situation but haven't we deserved more than that? Adding to the GREDITS file at least, no?..

I can't believe the kernel senior maintainers didn't consider that the patch wouldn't go unnoticed, and the situation might get out of control with unpredictable results for the community, if not straight away then in the middle or long term perspective. I am sure there have been plenty ways to solve the problem less harmfully, but they decided to take the easiest path. Alas what's done is done. A bifurcation point slightly initiated a year ago has just been fully implemented. The reason of the situation is obviously in the political ground which in this case surely shatters a basement the community has been built on in the first place. If so then God knows what might be next (who else might be sanctioned...), but the implemented move clearly sends a bad signal to the Linux community new comers, to the already working volunteers and hobbyists like me.

Thus even if it was still possible for me to send patches or perform some reviews, after what has been done my motivation to do that as a volunteer has simply vanished. (I might be doing a commercial upstreaming in future though). But before saying goodbye I'd like to express my gratitude to all the community members I have been lucky to work with during all these years.

you are viewing a single comment's thread
view the rest of the comments
[-] kbal@fedia.io 168 points 3 weeks ago

Later in that thread:

Please accept all of our apologies for the way this was handled. A summary of the legal advice the kernel is operating under is

If your company is on the U.S. OFAC SDN lists, subject to an OFAC sanctions program, or owned/controlled by a company on the list, our ability to collaborate with you will be subject to restrictions, and you cannot be in the MAINTAINERS file.

Anyone who wishes to can query the list here: https://sanctionssearch.ofac.treas.gov/

[-] schizo@forum.uncomfortable.business 139 points 3 weeks ago

Which is exactly what anyone who wasn't wanting to just snort some concentrated outrage knew was the case.

And you can argue as to if OFAC list should apply to things like this or not, but the problem is that the enforcement options for OFAC violations include 'stomp you into the ground until you're powder', most people are just going to comply.

[-] 0x4E4F@infosec.pub 38 points 3 weeks ago

Also from that thread.

Again, we're really sorry it's come to this, but all of the Linux infrastructure and a lot of its maintainers are in the US and we can't ignore the requirements of US law. We are hoping that this action alone will be sufficient to satisfy the US Treasury department in charge of sanctions and we won't also have to remove any existing patches.

US law CAN'T apply on foreign ground, period. Nothing can. Just because they can bully their way around that, doesn't mean they are right.

And it should be only fair that Israeli maintainers be removed as well.

They should also rethink their infrastructure policy and whether they still want it on US soil.

This is all wishful thinking, I know, but this just goes to show you how they have absolutely no backbone whatsoever. As if anybody is gonna touch the Linux kernel and jeopardize the safety of millions of systems. We all know that is never going to happen, but they still bent over for the US... so typical... just goes to show you how little backbone everyone has, including Linus.

Oh, and don't get me started on the Russia/Finland history comment...

[-] prole 32 points 3 weeks ago* (last edited 3 weeks ago)

Does everyone here just not understand how international sanctions work?

As someone with a STEM degree in a STEM field, I'm consistently bummed out by how clearly silo'd my colleagues' educations were. It is so plainly obvious as soon as you try to have a conversation with them about anything outside of their area of expertise.

And don't bother trying to correct or teach them anything, because in their minds, they're smarter than you, and you have nothing worthwhile to teach them.

This thread is full of software engineers with just no concept of how society functions, or even a basic understanding of the geopolitical context of any of this.

[-] winterayars@sh.itjust.works 10 points 3 weeks ago

I mean, if you're in a STEM field you really should understand how sanctions work because they matter to your work and, thus, to you.

[-] prole 9 points 3 weeks ago

Yeah, well... Look around

[-] JackbyDev@programming.dev 2 points 3 weeks ago* (last edited 3 weeks ago)

It wasn't so long ago that Java developers had to download the unlimited strength cryptography extensions separately from the main Java development kit because of export restrictions involving encryption.

Edit: Links for the curious.

load more comments (8 replies)
[-] BCsven@lemmy.ca 13 points 3 weeks ago* (last edited 3 weeks ago)

If the company is in the USA they can restrict who you colloborate with. They also can control what you export as a oftware product under ITAR/EAR rules. It is why when some encryotion work had to be done the devs crossed the border into Canada to work on development, because under USA law encryption code is a controlled export product even if opensource

[-] 0x4E4F@infosec.pub 5 points 3 weeks ago

Then why in the hell was the LF founded in the US? That is something that clearly needs explaining. For example, Sweden is a much better place to do these sorts of things, their software laws are very liberal.

Some of these things need to be rethought if you ask me, this is not something that should be left like this. If no one in the kernel, including Linus, doesn't see a serious problem with "we have to move people around to code", then most of these people are probably braindead... I'm sorry, but if it was me, once I found out I had to move devs around to code, I would have been "fuck this we're moving the foundation".

[-] kattfisk@lemmy.dbzer0.com 10 points 3 weeks ago

You might be surprised to learn that Sweden also has sanctions against Russia, together with the rest of the EU, Norway, Switzerland, Japan, Australia, South Korea and a bunch of other countries. Because this is not about the US being an ass, it's about Russia being an ass.

load more comments (9 replies)
[-] Auli@lemmy.ca 4 points 3 weeks ago

Don’t know if it would help as there are international sanctions against Russia.

[-] 0x4E4F@infosec.pub 1 points 3 weeks ago

Not everywhere. I seriously doubt Cuba has sanctions against anyone.

[-] secretlyaddictedtolinux@lemmy.world 3 points 3 weeks ago* (last edited 3 weeks ago)

It would be much better if the company were not in a place in which gag orders can be issued, leaving questions as to transparency.

As it stands now, it isn't clear if Linus is just "grouchy" about this with a unique personality or if the foundation got a NSL and can't say anything. And that leads to questions about whether there were other NSLs other than this one and if it's had an impact on the code.

Exploits are so hard to detect sometimes if done well and often although they get patched... eventually... the damage is done prior to the patch. The US government, despite doing lots of good things, engages in torture. And even if the US government is the "good guy," this leads to less trust in the open-source ecosystem, no matter what the justification.

[-] IrritableOcelot@beehaw.org 2 points 3 weeks ago

Thats a good point. I think its probably because most of the corporations who fund and contribute to the kernel are American, and coordinating financial and physical contributions would be complicated across borders. Just a hypothesis though.

[-] 0x4E4F@infosec.pub 2 points 3 weeks ago

But moving people around to code isn't 🤨? I'm sure it far easier to justify a donation than to book plane tickets and find places for the devs where to stay. And to be perfectly honest, the whole point of open source is "you can contribute from anywhere". The first time I would've encountered the move people around problem, I would have been "this is not the point of open source, it goes against the very spirit of it, we have to do something about this".

load more comments (2 replies)
[-] Auli@lemmy.ca 3 points 3 weeks ago* (last edited 3 weeks ago)

Israel is not against the US at this point. Russia and the US are in a war with Ukraine being the middle man. Look at what the US did to Hauwei sanctioned it and forbid any us company from doing business with it. Basically none of the world could use the phones. All the tech the world is using is American so they get to say what any country can do.

load more comments (1 replies)
[-] prole 16 points 3 weeks ago

Oh hey, a reasonable comment here that actually has a decent score... These comments are wild. But given the recent... I'll just say, conspicuously pro-Russian, turn this site seems to have taken in the run up to the election, it's not exactly a surprise.

I'm shocked I didn't get downvoted to shit myself.

It's just that it was VERY clearly either sanctions or a NSL, since the Linux Foundation is in the US and the two things that result in a public entity like that making silent, un-explained changes are, well, sanctions and NSLs and you don't say shit because your lawyer told you not to.

I don't necessarily agree that tossing contributors off an open-source project is in the spirit of the OFAC list, but the problem almost certainly is that they're employed by some giant tech company in Russia.

And, in Russia, like in the US, and Israel, and China, and anywhere else you care to mention, tech companies are almost always involved in military supply chains, since shit don't work without computers at this point.

Which leads to a cycle of being unable to work with Weapons, Inc. and someone works for Weapons, Inc. so now that person can't be worked with either and so your choices are.... comply with the OFAC list, or take a stupid amount of legal risk up to and including angry people with guns showing up to talk to you.

We really don't know the whole story and immediately jumping to "Imperialists bad!" is how certain chunks of Lemmy roll these days.

I think they'd be much happier if they all moved to North Korea and helped achieve the goal of Juche by becoming dirt farmers.

[-] SnotFlickerman 51 points 3 weeks ago

But folks who work for US companies building weapons for Israel are totes okay?

It's honestly fucking wild that an internationally developed open source project has to play by the US government's rules when the US government is out here helping commit genocide right the fuck now.

Like, look in the fucking mirror on this why don't you.

Maybe the better rule is that if you work for a company that produces weaponry for war you shouldn't be allowed to contribute, period.

[-] Orygin@sh.itjust.works 56 points 3 weeks ago

Wow, I didn't know that being a Linux/open source contributor meant you don't have to follow your country's laws.

It's developed internationally but devs still reside somewhere and have to abide by the rules at that place. Linux in this case being represented by an US entity means they have to follow the gov's sanctions. If you want more or less of those, that's where (the government) you act.

load more comments (1 replies)
[-] kbal@fedia.io 37 points 3 weeks ago

You may be amazed to learn that there aren't many international sanctions against the USA at this time, but I imagine you could probably get into legal trouble for collaborating with Americans if you're in, I don't know, North Korea maybe.

[-] davel@lemmy.ml 31 points 3 weeks ago

You may be amazed to learn that the reason there aren’t many international sanctions against the USA at this time is not because the USA is a beacon of peace, freedom, democracy, and national sovereignty. Because the US is very much not that.

[-] Auli@lemmy.ca 1 points 3 weeks ago

Well it’s by far the biggest economy in the world and the whole world uses the tech developed in the US. sanction them and they could cut off your access to technology.

load more comments (1 replies)
[-] AbidanYre@lemmy.world 21 points 3 weeks ago

It's crazy how the US Treasury isn't sanctioning companies for working on US government approved contracts. /s

[-] davel@lemmy.ml 19 points 3 weeks ago
[-] AbidanYre@lemmy.world 4 points 3 weeks ago

Then it would be sanctioning Israel, not defense contractors.

[-] davel@lemmy.ml 16 points 3 weeks ago

U.S. law requires the government to cut off weapons shipments to countries that prevent the delivery of U.S.-backed humanitarian aid. Israel has been largely dependent on American bombs and other weapons in Gaza since Hamas’ Oct. 7 attacks.

[-] AbidanYre@lemmy.world 10 points 3 weeks ago

Yes and? You keep arguing against things I'm not saying.

I'd be perfectly happy if we told Bibi to fuck off. But the US government isn't going to impose sanctions on itself.

[-] actually@lemmy.world 6 points 3 weeks ago

The genocide has such wide support in the USA community and defense companies ( irregardless of the louder minority of people protesting it)

That if there were justice, then many other people and organizations would have similar treatment and be kicked

We can’t get away from politics, or limits, but if I will point out the hypocrisy

load more comments (2 replies)
[-] SnotFlickerman 15 points 3 weeks ago* (last edited 3 weeks ago)

US isn't helping fund a genocide in Israel or anything! /s

[-] kbal@fedia.io 19 points 3 weeks ago

Address your complaints to the government of the USA. Or, if you have the right to do so, cast a vote in the upcoming election there to prevent it taking a big step in the opposite direction from a world in which it might consider anything like similar sanctions against Israel.

[-] davel@lemmy.ml 13 points 3 weeks ago* (last edited 3 weeks ago)

“Write a stern letter to a foreign government” and “Vote against ‘very probable 101% genocide’ and for ‘proven 100% genocide’” are some weak tea, and beside the point being made.

[-] kbal@fedia.io 11 points 3 weeks ago

Your particular complaints are better addressed to almighty God I suppose. So long as you don't blame linux kernel devs for them it's all the same to me.

[-] prole 4 points 3 weeks ago* (last edited 3 weeks ago)

Oh look, a bad faith argument about the upcoming election from someone who I've tagged for making bad faith arguments about the upcoming election. Fun.

[-] prole 4 points 3 weeks ago

What are you even trying to say here?

Do you think you've unraveled some massive conspiracy simply by learning about the existence of Western hegemony?

[-] 0x4E4F@infosec.pub 10 points 3 weeks ago* (last edited 3 weeks ago)

Maybe the better rule is that if you work for a company that produces weaponry for war you shouldn't be allowed to contribute, period.

This is something I can actually get behind on.

But, you see, there is just one teeency weeency tiny problem with that. They spend trucks of cash on whatever they deem will give them what they want, including funding organizations that they profit from.

[-] prole 9 points 3 weeks ago

But folks who work for US companies building weapons for Israel are totes okay?

Who here said this?

[-] beanlink@lemmy.world 5 points 3 weeks ago

Nobody directly just them pointing out the optics of the situation.

[-] prole 11 points 3 weeks ago

No, you are making strawman arguments and using whataboutism in an attempt to deflect.

[-] beanlink@lemmy.world 5 points 3 weeks ago

You a bot or something? I’m not the OP.

[-] prole 4 points 3 weeks ago

Yes. I am a bot for not paying attention to user names and assuming that the commentor who defended the comment I replied to, was the same person that made the original comment.

load more comments (1 replies)
load more comments (1 replies)
this post was submitted on 24 Oct 2024
280 points (100.0% liked)

Linux

48224 readers
521 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS