- cross-posted to:
- [email protected]
- phoronix
- cross-posted to:
- [email protected]
- phoronix
The title really undersells it, it seems like under a Biden Executive Order, free/open-source software will have to ban all Russian contributions. Its unclear if American developers would be allowed to contribute to Russian software like Nginx
You must log in or register to comment.
From the other phoronix article:
UPDATE: When asked whether Linus Torvalds was under any sort of NDA around this, he responded:
"No, but I’m not a lawyer, so I’m not going to go into the details that I - and other maintainers - were told by lawyers.
I’m also not going to start discussing legal issues with random internet people who I seriously suspect are paid actors and/or have been riled up by them."
I don’t love this decision, but I think if you’re willing to read between the lines here, it sounds like maybe he didn’t have much of a choice. Then again, Torvalds also seems pretty happy to comply.
In other areas, sanctions don’t always mean a complete ban. For example, Ian Nepomniachtchi is still allowed to play chess internationally, just not under the Russian flag. This seems needlessly putative unless there are legitimate security concerns.
In other areas, sanctions don’t always mean a complete ban. For example, Ian Nepomniachtchi is still allowed to play chess internationally, just not under the Russian flag. This seems needlessly putative unless there are legitimate security concerns.
This is absolutely not an absolute ban, they can contribute code, they simply can’t be named maintainers with full commit authority.
Also apparently they are intending to re-add those who can be confirmed as unaffiliated with the Russian government.
Also apparently they are intending to re-add those who can be confirmed as unaffiliated with the Russian government.
Do you have a source for this? Because that would be really good news.
In the patch.
Remove some entries due to various compliance requirements. They can come back in the future if sufficient documentation is provided.
It was vague, but this seems the clear intent.
Yep, my reading of the law is the ban is specifically to do with “providing software services to Russians” and somehow collaborating on open-source software would be that. But I don’t entirely understand how.
I haven’t gone through all their work, but some of the delisted maintainers were working on driver support for Baikal, a Russia based electronics company. Their work includes semiconductors, ARM processors. Given the sanctions against Russia, especially for dual use stuff like domestic semiconductors, I would expect that Linus and other maintainers were told or concluded that by signing off and merging their code they’d be personally violating sanctions.
Looks like a dumb and ineffective move in general. No public answers as to what the supposed compliance requirements are with the patch. And, removing credit or banning individuals based on nationality seems like really poor precedent.
I disagree that this has anything to do with any Biden executive order. In fact, the patch doesn’t say anything about what those requirements are or what prompts the change. I don’t see why FOSS in general even necessarily needs to comply with US regulations. I think we should refrain from this kind of speculation.EDIT: Linus later confirmed the sanctions were the cause of this action on the mailing list.
I disagree that this has anything to do with any Biden executive order.
That I based on another source (video by Bryan Lunduke) that claims to have insider information.
I don’t see why FOSS in general even necessarily needs to comply with US regulations.
From what I can see in the law, providing licensed software, even if it is GPL licensed would be in violation of Executive Order 14071
I’m sure an open sourced project hosted in China would gladly tell the US to shove their executive order up their collective ass.
That is a valid concern though for the Linux Foundation. I hope they do not get involved in politics. I really hope not.
Claims of insider information… Certainly suspicious circumstances. I suppose we won’t know until more information becomes publicly available.
I’m sure an open sourced project hosted in China would gladly tell the US to shove their executive order up their collective ass.
Why? There’s plenty of great open-source projects made by Chinese developers… People are not their governments, and there are good people and good developers everywhere.
Right. The ones outside of the US don’t need to comply with US law. Perhaps I’m missing the point?
Correct me if I’m wrong, but I thought Europe also had sanctions in place against Russia at this point now as well? Seems likely this would be an issue in pretty much any NATO country not just the US.
Sorry I completely misread what you said. I thought you were defending the executive order because “China would do the same” I honestly have no clue how I got that from what you wrote. My bad, I agree with you.
Linus says your reasoning is inaccurate.
Yeah Linus just said “Legal reasons” but made it clear he supports it.
I wonder if there is any merit to this or if the government actually suspects or believes there is a large risk giving certain maintainers access.
I could actually see NSA protecting Linux with reasonable intentions, but I could also just see the whitehouse making dumbass moves because some shmuck wants credit for “securing” something.
Either way, I don’t think it’s large enough that it’s much of an issue.
I don’t think this is about security implications, but I may be wrong. My understanding is this is related to the export sanctions, meant to hamper the Russian economy.
That seems weird considering anyone can easily access and fork it if they want.
Reminds me of the old crypto algorithm export laws which fell apart for the same reason. Now curve25519 is even in FIPS as the default next to the NIST curve.
The social engineering on open source maintainers that create lesser understood security implications are basically toast.
:(
I really don’t know what the answer is other than HEY EVERYONE PLEASE HELP but like, glhf.
Sux.
Fuck Russia. Fuck Russians in Russia. Fuck Russians that support Russia. Fuck Russians that stay silent while Russia continue to threaten the entire planet for 7 decades and counting. Fuck Russia.
One of my friends is a trans Buryat, she does FOSS development, can’t leave Russia because she has no money and nowhere to go. There are many similar cases
great. excellent. fine distinction. the majority of russians support what’s been going on in russia, else they would have risen up and fucking stopped it. they haven’t. they won’t. sorry to hear about your friend. fuck russia. fuck russians.
Most people don’t want to die, or risk their lives. There’s not something unique to autocratic countries. Just like Americans aren’t responsible for bombing innocent families in the middle east, random russians aren’t responsible for a government they didn’t even vote for.
If anything people living in a dictatorship are even less responsible. At least in democracies the people have a theoretical say in things to a certain extent. Not only does the public not have a say in a dictatorship, but they often don’t even have the option to leave it. E.G. China confiscating their citizens passports to prevent them from fleeing the country.
