this post was submitted on 26 Oct 2024
94 points (76.4% liked)

Asklemmy


I for one am going through quite a culture shock. I always assumed the nature of FOSS software made it immune to being confined within the policies of nations; I guess if one day the government of the USA starts to think that it's a security concern for China to use and contribute to core open source software created by its citizens or based in their boundaries, they might strongarm FOSS communities and projects to make their software exclude them in some way, or worse, declare GPL software a threat to national security.

(page 2) 50 comments
[–] [email protected] 5 points 1 day ago (4 children)

Hasn't changed my view much. I already knew Linux was a company that has a legal presence in the US and so would be subject to their laws. The only real surprise is that it's taken so long to action this particular set of sanctions.

I do think the announcement was poorly handled - it should have been explained either before or immediately afterwards to cut back on the conjecture. The git notice only said that these contributors' names had been removed from the credits, not that they'd been stopped from contributing completely. Any company, including Linux, that does something they know is going to be contentious like this should bloody well get ahead of that curve and put the facts out.

The world is at war. It's not a bloody world war as we've seen before, but it is nation against nation by other means. FOSS is used so widely it is absolutely a target and nobody can be so idealistic that they cannot see the conflict, nor not know that it's constantly being attacked. Where you live does matter. I wish that wasn't the case - I truly do, but it's naive in the extreme to pretend otherwise.

[–] [email protected] 9 points 1 day ago

No, only of Linux

[–] [email protected] 13 points 2 days ago
[–] [email protected] 10 points 2 days ago

Yes, bad actors can exist everywhere; it doesn't really help anything but fragment the project and harm it. Do we need multiple directed forks? Fuck no, it will be best if everyone can monitor and contribute. I kind of think of it as they do peer reviewing in research and shit: it's always better when more people can view it, that will leave less room for biasing and frankly detect bad actors easily.

[–] [email protected] 7 points 1 day ago
[–] [email protected] 6 points 1 day ago (2 children)
[–] [email protected] 8 points 1 day ago (1 children)

Recently, Linux removed several people from their organization that have Russian email addresses. Linus made a statement that confirmed this was done intentionally. I believe that there was some mention of following sanctions on Russia due to the war. I haven't looked into the details of it all, so take my analysis with a grain of salt. From what I understand, it sounded like it was only Russian maintainers that were removed and normal users submitting code from Russia can still contribute. Maintainers have elevated permissions and can control what code gets accepted into a project, meaning that a bad actor could allow some malicious code to sneak past. This may have also contributed to the decision since this type of attack has happened before and Russia seems like a likely culprit. The reactions to this change have been varied. Some people feel it is somewhat justified or reasonable, some people think that it means it is no longer open source, and some people think it is unfairly punishing Russian civilians (it is worth noting that that is part of the point of sanctions).

[–] [email protected] 4 points 1 day ago

Nothing is devoid of global politics.

Russian maintainers were unceremoniously kicked out citing compliance issues.

[–] [email protected] 6 points 2 days ago

I get that it's a nice daydream to think of open source projects as existing in some kind of independent, ethereal vacuum just because the code is out there and accessible from any place on Earth. But every software project is (mostly?) dependent on the jurisdiction in one country, in this case it's the US, and so their laws about sanctions and so on apply. And yes, this means that unless conflicts/wars between nations happen to cease, that we will eventually have completely separated blocks of politics/culture/military and also IT. Globalization is over. China will have their own stuff, Russia will have their own stuff, and US+EU will have their own stuff. And none of those countries should continue using high-tech products made by the other because they could be sabotaged and it might be hard to find, so it's best to not use them at all and just cook your own stuff. It's unfortunate, but bound to happen in the current state of the political world.

[–] [email protected] 9 points 2 days ago (1 children)

Same here. For now it's only barring contributors which won't harm actual users much, but that could change in the future with the precedent this is setting.

What's the point of "FOSS" at that point if it's not so different from corporate products, being similarly vulnerable to sanctions? I could see genuine free software being relegated to piracy communities if it goes that far.

[–] [email protected] 7 points 2 days ago

FOSS gives people the option to take the original code and create their own version of it in case they don't like what the original maintainers are doing. With closed source you would be stuck and would have to look for something new.

[–] [email protected] 11 points 2 days ago (1 children)

Not really, since open source is most of the time still the best option, and you can't really control open source since there is always the option to fork things. (For example, if the US decided that China is a no-no, the open source community in the EU or India can do what they want since it is not under their jurisdiction.)

[–] [email protected] 6 points 2 days ago

If someone really wants to use the contribution of the expelled maintainers they can just make their own fork. Part of the Free in FOSS is the freedom to associate or not associate with contributors.

[–] [email protected] 3 points 1 day ago

From what I understand this wasn't a decision dictated by sanctions nor was there any strongarming. Otherwise it would've happened way earlier.

I also think splitting politics and literally anything else doesn't work and is something people who benefit from the discussion (or lack thereof) made up.

[–] [email protected] -1 points 1 day ago

If you are having sensitive information stored using closed-source software/OS, you can stop reading right here. This is your biggest vulnerability and the best thing you can do is to switch to FOSS.

For those that have already switched:
It made me think about how to improve the resistance of large FOSS projects against state-sponsored attackers injecting backdoors.

The best thing I came up with would be to have each contribution checked by a contributor of a rival state. So a Russian (or Chinese) contributor verifies a contribution by an American.
The verifying contributors would have to be chosen at random in a way that is not predeterminable by an attacker, otherwise a Chinese-state contributor will contribute harmless code until the next verifier will be a US-based Chinese spy. Then they will submit a backdoor and have it checked by an American citizen paid by China.
Also the random number generator has to be verifiable by outsiders, otherwise a spy in the Linux-Foundation can manipulate the outcome of choosing a favorable verifier for a backdoor.

This can obviously only be done as long as there are lots of contributors from rivaling states. If the US decided that Linux can only allow contributors from USA/EU, then this model can not work and Linux would have to relocate into a more favorable state like Switzerland.

What one should keep in mind is that even if the US would ban all foreign contributions and the foundation would not relocate, Linux would still be more secure than any closed source OS, as those foreigners can still look at the code and blow the whistle on bugs/backdoors. It would however be much more insecure than it is now, as the overhead for finding bugs/backdoors would be much larger.
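
One way to make the reviewer draw proposed in the comment above unpredictable to the submitter yet recomputable by outsiders, as an added example that is not part of the thread. The roster, the rivalry map, the patch id and the beacon value are all hypothetical; the beacon stands for any public random value that is published only after the patch has been submitted, and the roster digest must be published before that.

```python
import hashlib

# Constructed sample roster: (reviewer id, declared bloc). All names hypothetical.
ROSTER = [("alice", "US"), ("boris", "RU"), ("chen", "CN"),
          ("dana", "US"), ("elena", "RU"), ("fang", "CN")]
# Hypothetical rivalry map: blocs allowed to review an author from the key bloc.
RIVALS = {"US": {"RU", "CN"}, "RU": {"US"}, "CN": {"US"}}


def roster_digest(roster):
    """Commitment to the roster, so it cannot be reshuffled after the beacon is known."""
    canon = "\n".join(f"{rid}:{bloc}" for rid, bloc in sorted(roster))
    return hashlib.sha256(canon.encode()).hexdigest()


def pick_reviewer(roster, author_bloc, patch_id, beacon_hex):
    """Deterministically pick a rival-bloc reviewer from public inputs only."""
    pool = sorted(rid for rid, bloc in roster if bloc in RIVALS[author_bloc])
    if not pool:
        raise ValueError("no reviewer from a rival bloc is available")
    seed = f"{roster_digest(roster)}|{patch_id}|{beacon_hex}".encode()
    # Rejection sampling: discard draws that would introduce modulo bias.
    limit = (2**64 // len(pool)) * len(pool)
    counter = 0
    while True:
        block = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        draw = int.from_bytes(block[:8], "big")
        if draw < limit:
            return pool[draw % len(pool)]
        counter += 1


def verify_assignment(roster, author_bloc, patch_id, beacon_hex, claimed):
    """Any outsider can recompute the draw and compare it with the announced reviewer."""
    return pick_reviewer(roster, author_bloc, patch_id, beacon_hex) == claimed
```

The draw only resists the "wait for a friendly verifier" strategy from the comment if the patch id is fixed before the beacon value exists; resubmitting the same change under a new id until the draw is favourable has to be detected separately.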

[–] [email protected] 3 points 1 day ago

Nothing is devoid of global politics.

[–] [email protected] 6 points 2 days ago (2 children)
[–] [email protected] 5 points 2 days ago* (last edited 2 days ago) (5 children)

I'm out of the loop, what's the recent Linux drama? If you don't wanna type it out, you can point me in the right direction. Thanks. :)

[–] [email protected] 2 points 1 day ago
[–] [email protected] 2 points 1 day ago

@[email protected] Views on the idea, no. But it confirmed my opinion that the current socio-economic system is unfriendly to FLOSS
