|
|
Subscribe / Log in / New account

Several Russian developers lose kernel maintainership status

[Posted October 22, 2024 by corbet]

Perhaps one of the more surprising changes in the 6.12-rc4 development kernel was the removal of several entries from the kernel's MAINTAINERS file. The patch performing the removal was sent (by Greg Kroah-Hartman) only to the patches@lists.linux.dev mailing list; the change was included in a char-misc drivers pull request with no particular mention.

The explanation for the removal is simply "various compliance requirements". Given that the developers involved all appear to be of Russian origin, it is not too hard to imagine what sort of compliance is involved here. There has, however, been no public posting of the policy that required the removal of these entries.

Update: Linus Torvalds has since publicly supported this action and said that it will not be reverted.

Update 2: James Bottomley has clarified the requirements:

If your company is on the U.S. OFAC SDN lists, subject to an OFAC sanctions program, or owned/controlled by a company on the list, our ability to collaborate with you will be subject to restrictions, and you cannot be in the MAINTAINERS file.

to post comments

Balkanization -- full steam ahead

Posted Oct 23, 2024 0:37 UTC (Wed) by yeltsin (guest, #171611) [Link] (13 responses)

What's the deal with an international project adhering to what is obviously a decision of the US government?

I hope our Chinese friends take note and not waste a number of years on thankless work to be thrown overboard when your time comes. Remember this news next time you hear complaints about there not being enough maintainers.

Balkanization -- full steam ahead

Posted Oct 23, 2024 1:25 UTC (Wed) by pizza (subscriber, #46) [Link] (1 responses)

> What's the deal with an international project adhering to what is obviously a decision of the US government?

Hint: The Linux Foundation (which notably employs Greg KH and Torvalds, and provides a lot of the legal and other infrastructure for this "international project") is based in the US, and therefore has to follow US laws.

Balkanization -- full steam ahead

Posted Oct 23, 2024 17:25 UTC (Wed) by kazer (subscriber, #134462) [Link]

Not only US but also EU cyber resilience act.

It would be silly to continue to as before in the light of current situation.

Balkanization -- but still jobs to be had.

Posted Oct 23, 2024 4:10 UTC (Wed) by gmatht (guest, #58961) [Link] (2 responses)

While forks are unfortunate, it would seem wise for the CCP to throw money at the chinese maintainers to maintain a trusted-by-CCP linux regardless of whether they are official "Linux" maintainers.

Balkanization -- but still jobs to be had.

Posted Oct 23, 2024 6:50 UTC (Wed) by matthias (subscriber, #94967) [Link]

How would this be wise? Employees of Chinese enterprises are contributing to the kernel such that their employers can sell their hardware to people and institutions using Linux. This will not work with a trusted by-CCP Linux unless they are able to convince the world to use this fork, which seems rather unlikely.

Balkanization -- but still jobs to be had.

Posted Oct 23, 2024 17:19 UTC (Wed) by wittenberg (subscriber, #4473) [Link]

Perhaps this is what Red Flag Linux was intended to do.

Balkanization -- full steam ahead

Posted Oct 23, 2024 5:11 UTC (Wed) by s_vlad (guest, #120162) [Link] (3 responses)

Interestingly, other comments miss the point.
The post I'm replying to is authored by "yeltsin".
That's exactly the figure in post-Soviet russia in 1992, who declared strategic alliance with China. And the post appeals to Chinese friends...
The original Yeltsin died in 2007. So this is the case of mummies' return!

I'd say "I hope our Chinese friends take note" from the post I'm replying to can even be seen as a threat!!!

The post I'm replying too also mentions "maintainers", which invokes memories of XZ from not too long ago...

Balkanization -- full steam ahead

Posted Oct 23, 2024 7:44 UTC (Wed) by riking (guest, #95706) [Link] (2 responses)

It's also clearly the highest / newest subscription # on the page.

Balkanization -- full steam ahead

Posted Oct 23, 2024 8:23 UTC (Wed) by Wol (subscriber, #4433) [Link] (1 responses)

Yeltsin has been around for a while. I don't know when I first noticed him, but it's a good long time.

(Disclaimer - I may be a russophile, but I am no fan whatsoever of their leadership ...)

And while I don't particularly understand Russian names (I understand they emphasise patronymics over surnames), Yeltsin could easily be a fairly common name?

Cheers,
Wol

Balkanization -- full steam ahead

Posted Oct 23, 2024 9:11 UTC (Wed) by dottedmag (subscriber, #18590) [Link]

Yeltsin is quite uncommon surname — beyond the Russia's 1st president and his family there don't seem to be any public figures bearing this surname, and a cursory check at https://forebears.io/surnames/eltsyn makes it _very_ uncommon.

(for the reference, I was born in USSR in 1983)

Balkanization -- full steam ahead

Posted Oct 23, 2024 13:28 UTC (Wed) by raven667 (subscriber, #5198) [Link] (3 responses)

This has a couple if misconceptions that are worth clearing I think

1) An organization being a multi/inter-national project doesn't mean that it's magically exempt from jurisdiction in every place where it's members live and do business. Cyberspace is _not_ an independent domain from the "real" world, people are made out of meat, not sci-fi beings of pure thought energy, they eat food and live in places. on earth. where every square centimeter of land is subject to some sort of rules.

2) The Chinese government are currently competitors of the US government in international influence/relations and resource extraction, but not enemies in the way the Russian government has made of many nations for the way they behave with their neighbors. Sometimes international politics is just teenage middle-school drama, with more resources, with somewhat arbitrary emotional decisions, but I don't think this is one of those cases. This is different than say a ban of Huawei telecom equipment, which is subject to the rules of the place it's members live and do business, including having lawful intercept features, that the US government isn't comfortable allowing (which just incentivized the Chinese intelligence services to compromise the US CALEA lawful intercept features of its own domestic equipment instead, lol) which is more about the competition between US intelligence and others in gathering and protecting information.

3) The hypothetical situation where the organization that any developer works for becomes a sanctioned entity by some other nation who's jurisdiction matters requires a different geopolitical alignment to make sense, either someone's host nation authorized something very bad that pissed off a number of other powerful nations, or the leadership has changed to someone who has an irrational animosity and the power to enforce it. Either way I don't think trying to anticipate such things as if you control the outcomes makes a lot of sense, where you have influence over your local government please exercise it to advise them not to do stupid self-destructive shit, but you have almost no responsibility for or control of the decisions other nations governments make, sometimes your government has influence but you as an individual have almost none.

Balkanization -- full steam ahead

Posted Oct 23, 2024 16:56 UTC (Wed) by cida (guest, #174189) [Link] (2 responses)

I register in lwn to reply:

1) This is basically cyber sovereignty, the perfect argument for Great Firewall of China. If all nations wish to make rules on its cyber network, there will be no more open Internet.

2) I don't think it is that different. It's just typical US exercising its power. US has banned NASAs' engagement in any bilateral activities with China or Chinese-owned companies for some time. This ban is not that different from the ban enforced on Russia developers on linux. Such ban will alert all countries to be more careful towards the risks in open source software.

3) We all have almost zero power. Maybe it marks the beginning of the end of open source communities.

The end of Open Source?

Posted Oct 26, 2024 0:16 UTC (Sat) by hackerb9 (guest, #21928) [Link] (1 responses)

Um... no. Open Source and Free Software communities have always had to abide by the laws of the countries in which they reside. This is not fundamentally different.

I can see why Linus thinks there is a Russian troll factory jumping on this, but I think it is more likely that there are just a lot of people who don't know what the sanctions are or what Putin did to bring such seemingly unfair treatment upon the Russian people. On the other hand, Linus might be right about trolls fanning the flames given the amount of outrage being expressed by people who seem to be getting their "facts" from an alternate reality.

I keep seeing people talk about this as an across the board "ban of Russian developers" from Linux when actually it only affects maintainers and only if they work for a sanctioned company. Hopefully, that will get sorted when the compliance paperwork goes through and some of the maintainers are reinstated.

The end of Open Source?

Posted Oct 28, 2024 14:00 UTC (Mon) by netghost (guest, #54048) [Link]

Yes, first it only affects "maintainers and only if they work for a sanctioned company" so you feel it is OK. Does this sound familiar?

BTW, I don't even expect guys like Linus has a particular higher standards except he is an extremely capable coder, but just don't act like one.

Why hide it?

Posted Oct 23, 2024 4:07 UTC (Wed) by shironeko (subscriber, #159952) [Link] (6 responses)

There's a million eyes on the mainline repos, such a change will get noticed immediately and blow up. So why bother hiding it in the first place? Just say this is happening or else many people are gonna loose their shirt and be done with it?

Why hide it?

Posted Oct 23, 2024 4:32 UTC (Wed) by tux3 (subscriber, #101245) [Link] (1 responses)

Lawyers, perhaps? They have this wise obsession with encouraging non-lawyers to say as little as possible. They love nothing more than quiet clients.
Very bothersome people, if you ask me. All bite and no bark!

Why hide it?

Posted Oct 25, 2024 11:03 UTC (Fri) by nix (subscriber, #2304) [Link]

That's been confirmed: lawyers. Giving no information gives the impression that this is totally underhand, even though it isn't -- but this is apparently less important to such lawyers than covering their legal arses and making absolutely sure that nothing *they* say ever gets public where people might sue them for it, even when they're ordering other people to say things in public that harm their reputations. Lovely people :(

Why hide it?

Posted Oct 25, 2024 4:00 UTC (Fri) by dberlin (subscriber, #24694) [Link] (3 responses)

Open source lawyer here (but not involved in this).
Let me try to give you a bunch of practicalities here. I don't honestly have an opinion, but i think there's a bunch of info that is uncommonly known that might help.

First, I think people don't quite understand the entities on the other side of this (IE OFAC, Department of Treasury, etc). People are used to seeing copyright issues get resolved, but truthfully, this is nothing like that. This is actually serious. OFAC violations are strict liability (IE it doesn't matter if you knew), and carry very serious criminal and civil penalties. Personal criminal liability, in fact. If they come to you with an issue telling them something like "hey can you wait a few weeks so we can work out something we can say to our community" is not really going to work. They not only don't care, but it's also a good way to end up in jail.

Again, i have no opinion and I have no idea if that happened here. I have seen it happen before for sure.

Second, as a general rule, releasing legal advice destroys privilege of various sorts. Does it really matter in this case? Certainly not for the advice itself, where it would obviously no longer be privileged. The more concerning issue is probably whether they accidentally destroy privilege for any discussions around it, or any work products, or ...

Hypothetical:
Imagine DoT had come to the linux foundation (or whoever) with an issue. They go to discuss it with their attorneys. That discussion would probably be something like "oh fuck what do we do" and probably involved discussions or issues that, if they were non-privileged, could be dangerous (admission of things that turn out to be crimes, because basically everything related to this kind of compliance is a crime, etc). This sounds weird but it's totally common - the whole goal of privilege is to enable people to discuss things with their attorney without worrying about whether it will get used against them, so they can get the best legal advice possible.
Now you accidentally destroy privilege in this discussion by releasing the resulting advice (or whatever) - congrats, lots of people are screwed.

Privilege issues are not simple to deal with, either, as they vary state to state and country to country.
Especially when you are talking about serious issues like OFAC/etc compliance, I would generally be very careful about privilege.

These are just some of the practicalities, I can think of more, but these are IMHO, the biggest ones.

Note that this is not a US specific thing, either. Everyone has their version of OFAC/et al, with very serious penalties and ...
The only difference is who is on their lists.

Why hide it?

Posted Oct 25, 2024 19:48 UTC (Fri) by shironeko (subscriber, #159952) [Link] (1 responses)

What trips me up is the commit and the following comments doesn't say nothing, they said a lot of things that just messes with people.

I would think the community would be a lot less upset and a lot less confused if the message is simply "we can't comment on this because lawyers"

Why hide it?

Posted Oct 25, 2024 20:39 UTC (Fri) by dberlin (subscriber, #24694) [Link]

Sure, but you (and everyone else) don't know what orders they had, and what they were or were not permitted to say, not just by lawyers, but by anyone else.
It depends a ton on the situation (IE gag orders are common, etc)

Why hide it?

Posted Oct 25, 2024 20:14 UTC (Fri) by pizza (subscriber, #46) [Link]

> First, I think people don't quite understand the entities on the other side of this (IE OFAC, Department of Treasury, etc). People are used to seeing copyright issues get resolved, but truthfully, this is nothing like that. This is actually serious. OFAC violations are strict liability (IE it doesn't matter if you knew), and carry very serious criminal and civil penalties. Personal criminal liability, in fact. If they come to you with an issue telling them something like "hey can you wait a few weeks so we can work out something we can say to our community" is not really going to work. They not only don't care, but it's also a good way to end up in jail.

At $dayjob-3, we had a lot of headaches due to dual-use technologies colliding with OFAC and ITAR. If anything, you're understating the seriousness of the situation.

(With a lot of of additional personal "fun" due to my place of birth being on the naughty lists for nearly my entire life. Suffice it to say there's a decent-sized file on me at $TLA)

projects are left without maintainers

Posted Oct 23, 2024 4:39 UTC (Wed) by alison (subscriber, #63752) [Link] (29 responses)

The fact that the patch removes the sole maintainer of various drivers is disturbing. One is left to wonder, "Why not go all the way and remove the drivers too?"

No one will mistake me for an attorney, but it's hard to see why sanctions on individuals would motivate this step. Assuredly the removed maintainers are SW engineers, not arms traders or military personnel. Perhaps their employers are sanctioned.

Chinese developers make major contributions to so many subsystems on such a regular basis that removing any number of them would cripple the kernel. It has only been a year or two since I thought, "My employer should try to hire the author of new feature X", only to figure out that she/he worked for Huawei in PRC.

projects are left without maintainers

Posted Oct 23, 2024 4:52 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link] (28 responses)

It's indeed not the nationality, but the employers that are sanctioned. Developers can get unbanned if they document that they are not employed by sanctioned entities (and don't have some kind of interest in them).

projects are left without maintainers

Posted Oct 23, 2024 7:05 UTC (Wed) by comio (guest, #115526) [Link]

this is the point.

projects are left without maintainers

Posted Oct 23, 2024 8:20 UTC (Wed) by npws (subscriber, #168248) [Link] (9 responses)

And who is required to "comply"? Linus, Greg, the LF, some Linux distributors?

People required to comply

Posted Oct 23, 2024 8:35 UTC (Wed) by farnz (subscriber, #17727) [Link] (8 responses)

Per this notice from the Department of Commerce, all US citizens and people with permanent US residency, regardless of location, everyone located in the US, and all companies with a US legal entity face criminal penalties for breaking sanctions. Additionally, the US reserves the right to fine foreign entities that enable covered people to break US sanctions, and to prohibit them from trading with anyone in the USA until the fine is paid; so a Swedish bank that breaches sanctions can't then transfer money to, from, or through a US correspondent bank.

People required to comply

Posted Oct 23, 2024 12:33 UTC (Wed) by Kamiccolo (subscriber, #95159) [Link] (1 responses)

And similar sanctions are not limited to US only.

People required to comply

Posted Oct 23, 2024 12:54 UTC (Wed) by farnz (subscriber, #17727) [Link]

I know for a fact (having been subject to them) that Russian sanctions work exactly the same way as USA sanctions do. The only difference between the two of note is the relative economic power of the two countries - I would be annoyed if I could never visit the USA again or be paid by a company that does business in the USA as well as my local country, but it doesn't hugely bother me that I'd have problems visiting Russia or being paid by a Russian business.

And that ends up being the core problem with where you locate an open-source foundation; international politics means that unless the world is at peace, you're really choosing the place whose sanctions decisions are least impactful on you, not a place from where you can ignore sanctions.

People required to comply

Posted Oct 23, 2024 14:13 UTC (Wed) by npws (subscriber, #168248) [Link] (5 responses)

Thanks for the link. That answers who is subject to these sanctions. However I also wonder which specific sanctions might be applicable to someone holding a maintainer role. Its not really a formalized position, there is no money or goods exchanged, any idea what these sanctions prohibiting these people from keeping their position might be?

People required to comply

Posted Oct 23, 2024 15:18 UTC (Wed) by Wol (subscriber, #4433) [Link]

Just a guess, but are they being paid, by a sanctioned entity, to work on the kernel? Or does it at least look like that?

Cheers,
Wol

People required to comply

Posted Oct 23, 2024 18:34 UTC (Wed) by MarcB (subscriber, #101804) [Link] (1 responses)

> However I also wonder which specific sanctions might be applicable to someone holding a maintainer role.

That really is the question. At least for EU sanctions, I do not see anything obvious. You could maybe interpret providing authenticated GIT access as "making available an economic resource". The only exemption here is for registered telecommunication providers.

But maybe US sanctions are broader.

People required to comply

Posted Oct 24, 2024 18:22 UTC (Thu) by MarcB (subscriber, #101804) [Link]

To answer myself:

US sanctions indeed appear to be broader and explicitly go both ways:
"These prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person and the receipt of any contribution or provision of funds, goods, or services from any such person."

The last part would obviously cover maintainers, but really all contributors.

People required to comply

Posted Oct 24, 2024 23:48 UTC (Thu) by Paf (subscriber, #91811) [Link] (1 responses)

I think this specific part - Maintainer vs some other role - seems really, really fuzzy and probably comes from lawyers trying to figure out what sort of line to draw, possibly after consultation with relevant authorities. It is definitely a slightly arbitrary line that falls well short of no interaction.

People required to comply

Posted Oct 25, 2024 3:34 UTC (Fri) by olof (subscriber, #11729) [Link]

I am not a lawyer, and I am not in any way involved in any of this, but I don't see the differentiation as arbitrary myself:

A developer (or other maintainers) need to reach out and make contact with a maintainer when they are sending them code (or bug reports, etc). A developer submitting patches is posting on a public mailing list.

The direction of who is contacting who (and/or who is contacted in private vs on a public list) is possibly more relevant than whether a person is technically labeled a maintainer or contributor.

projects are left without maintainers

Posted Oct 23, 2024 15:37 UTC (Wed) by xinitrc (subscriber, #126452) [Link] (1 responses)

Maybe not the best correlation but still. In the one of the European countries in 1938 they haven't started to pursue and oppress one of the nations straight away(i think you understand which i am referring to).
It was started with a small thing, by forcing them to wear a yellow star.
And what happens next we all know.

projects are left without maintainers

Posted Oct 23, 2024 15:47 UTC (Wed) by corbet (editor, #1) [Link]

I think we have quickly reached the Godwin point here; this doesn't seem like a good direction to pursue.

projects are left without maintainers

Posted Oct 23, 2024 18:39 UTC (Wed) by turistu (guest, #164830) [Link] (9 responses)

How would you "document" that you're not employed by some entity? Get some kind of statement from the said entity that they're not employing you? Does that seem reasonable to you?

projects are left without maintainers

Posted Oct 23, 2024 18:54 UTC (Wed) by bluca (subscriber, #118303) [Link] (5 responses)

By proving that you are working for a different, non-sanctioned entity for example

projects are left without maintainers

Posted Oct 23, 2024 19:04 UTC (Wed) by MarcB (subscriber, #101804) [Link] (4 responses)

> By proving that you are working for a different, non-sanctioned entity for example

After which you would, of course, be harassed online; maybe even loose your job or get harassed offline. After all, it is documented in a public changelog, that you disavowed your country.

I really hope that there was non-public communication beforehand and the people affected now are just those who did not provide any documentation.

projects are left without maintainers

Posted Oct 23, 2024 20:54 UTC (Wed) by bluca (subscriber, #118303) [Link] (3 responses)

Uh? Why would you be "harassed online" for showing that you have a job? There's literally several websites dedicated to it, like Linkedin...

projects are left without maintainers

Posted Oct 24, 2024 18:04 UTC (Thu) by MarcB (subscriber, #101804) [Link] (2 responses)

Note that I even mentioned "harassed online" as the most harmless possible outcome. Worse is possible.

Russian, domestic propaganda is very much based on a "true patriots versus corrupted individuals" narrative, where "corrupted" can get defined *very* broadly and arbitrarily. It utilizes thugs, online and offline, as helpers. Police and prosecutors look away when those thugs cross the line of acceptable - and even legal - behaviour.

You can be absolutely certain that a bunch "of true Russian patriots" is now watching the maintainers file and will challenge anyone who gets re-added. This might even escalate offline, by contacting employers, neighbors and so on.

projects are left without maintainers

Posted Oct 24, 2024 18:51 UTC (Thu) by atnot (subscriber, #124910) [Link]

> Russian, domestic propaganda is very much based on a "true patriots versus corrupted individuals" narrative, where "corrupted" can get defined *very* broadly and arbitrarily.

Oh, so it's just like nationalism everywhere else too :)

showing proof of employment ≠ disavowing Russia

Posted Oct 26, 2024 1:32 UTC (Sat) by hackerb9 (guest, #21928) [Link]

MarcB, are you thinking that the sanctions are by nationality? I do not think that is the case as it looks like the US sanctions actually target 500 specific entities[1] in Russia. A maintainer doesn't need to show that they work for a foreign corporation, which I could imagine might appear to some like disavowing Russia, they can show they work for some other Russian business.

[1]: https://sanctionslist.ofac.treas.gov/Home/static/sdn.html

projects are left without maintainers

Posted Oct 23, 2024 19:30 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]

There is no straight answer.

Fortunately, these were not personal sanctions. So for Linux, it's probably enough to submit documentation to the LF that proves that you're working for a different entity. It doesn't even have to be an entity outside of Russia, an unsanctioned company should be sufficient.

projects are left without maintainers

Posted Oct 24, 2024 23:32 UTC (Thu) by timrichardson (subscriber, #72836) [Link] (1 responses)

I don't know how it works in Russia, but in Common Law countries, copyright of work done by an employee belongs to the employer. When you submit code, you make a statement of whose copyright it is, I believe. You need permission from the copyright owner to submit. You not actually submitting your code, you submit code belonging to the copyright owner.

If someone was to contribute code they wrote outside of their employment with a sanctioned firm, the copyright of the submission would vest with the contributor, not the employee (depending on the employment contract and the nature of the submission). The changed ownership of copyright is a significant difference, and probably significant regarding sanctions. Likewise if employment changes.

projects are left without maintainers

Posted Oct 24, 2024 23:33 UTC (Thu) by timrichardson (subscriber, #72836) [Link]

"not the employer"

projects are left without maintainers

Posted Oct 23, 2024 20:18 UTC (Wed) by JoeBuck (subscriber, #2330) [Link] (2 responses)

It seems apparent that many commenters on this thread incorrectly think that all Russian developers have been banned. Hopefully we can get clarification soon about exactly which people or companies are banned due to sanctions, but it seems most likely that Cyberax is correct. The US has been sanctioning specific Russian companies and individuals, not Russia as a whole.

the search pattern seems to be different

Posted Oct 24, 2024 11:22 UTC (Thu) by alexsv (guest, #174216) [Link] (1 responses)

If it was only about sanctioned entities, some .ru domains would have remained in the MAINTAINERS. But there are none left.

the search pattern seems to be different

Posted Oct 24, 2024 21:41 UTC (Thu) by HenrikH (subscriber, #31152) [Link]

All 11 of them works for companies currently on the sanctions list

projects are left without maintainers

Posted Oct 25, 2024 11:08 UTC (Fri) by nix (subscriber, #2304) [Link] (1 responses)

How do you document that you're *not* employed by someone? You can provide a contract of employment for someone else, but that proves nothing (you could have left). You'd almost have to ask your employers' lawyers to talk to the LF's lawyers. What you can do if you're currently unemployed (as is likely if, say, you *left* your ex-employer's employ because you disagreed with their helping the war, but didn't go public with that disagreement because you don't much like the idea of a very long prison term) I'm not sure.

Documenting that you don't work for a sanctioned entity

Posted Oct 25, 2024 12:17 UTC (Fri) by farnz (subscriber, #17727) [Link]

The usually accepted route is to get your tax documents from your government, along with either proof of employment elsewhere or a statement from your old employer that they no longer employ you.

The tax documents show that you're not being taxed on income from your old employer; the proof of employment elsewhere, or confirmation that your old employer no longer employs you, shows that you're not being paid "under the table" by your old employer, either. And if your new employer is cover for your old employer, you can expect them to be covered by sanctions fairly shortly thereafter, in a game of whack-a-mole.

Ultimately, this comes down to the point of sanctions; they're meant to be the last step before an out-and-out trade blockade, where targeted industries in a country you wish to make suffer lose their ability to trade with you, but other industries don't. That way, you can still get the benefits of (e.g.) buying raw materials like oil or metal ores from the country you're trying to make suffer, but they can't sell refined metals or consumer products on the global market.

Sanctions?

Posted Oct 23, 2024 4:45 UTC (Wed) by pabs (subscriber, #43278) [Link] (3 responses)

Interestingly there are still a couple of Huawei folks in the list of maintainers, and driver code for Baikal hardware in Linux.

Sanctions?

Posted Oct 24, 2024 18:18 UTC (Thu) by MarcB (subscriber, #101804) [Link] (2 responses)

It depends on what the sanctions imply. For EU, there aren't even any sanctions against Huawei. There are some recommendations and national sanctions, but they are limited to telecommunications equipment.

On the other hand, for the Russian cases, the wording is very strong: "No funds or economic resources shall be made available, directly or indirectly, to or for the benefit of natural persons or natural or legal persons, entities or bodies associated with them listed in Annex I."

US wording is even stronger: "These prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person and the receipt of any contribution or provision of funds, goods, or services from any such person."

The Huawei sanctions are much more selective, as far as I know.

Sanctions?

Posted Oct 25, 2024 6:22 UTC (Fri) by khagaroth (guest, #109895) [Link] (1 responses)

With this broad of a wording, isn't GPL software itself in violation as it doesn't have any mechanism to prohibit profit targeted usage by sanctioned entities?

Sanctions?

Posted Oct 25, 2024 7:13 UTC (Fri) by geert (subscriber, #98403) [Link]

https://elixir.bootlin.com/linux/v6.11.5/source/LICENSES/...

Why remove whole entries?

Posted Oct 23, 2024 5:09 UTC (Wed) by mb (subscriber, #50428) [Link] (1 responses)

Why are whole entries being removed instead of setting the individual entries to "Orphaned"?

Why remove whole entries?

Posted Oct 23, 2024 5:39 UTC (Wed) by DemiMarie (subscriber, #164188) [Link]

I’m not sure. For some of the drivers, a patch new sections without the affected maintainers was subsequently submitted, and Greg K-H acked it.

time to move to switzerland ?

Posted Oct 23, 2024 5:39 UTC (Wed) by johnjones (guest, #5462) [Link] (4 responses)

the riscv project saw this a while back and moved

switzerland still freezes russian bank accounts etc and upholds law they just dont use law as a offensive

frankly if you consider that russian nationals are being targeted as legitimate you ignore the fact that someone who is a avowed "dissident" might be able to contribute and even strengthen our overall understanding and lives...

basically I personally disagree with targeting groups of people and think sanctions against structures and individuals is needed.

people should be able to contribute under their own name rather than lie about where the source code came from.

John Jones


time to move to switzerland ?

Posted Oct 23, 2024 15:30 UTC (Wed) by Lennie (subscriber, #49641) [Link]

Might just be a matter of time before Switzerland does the same to Russia. They keep moving in the direction of more and more adversity towards Russia.

time to move to switzerland ?

Posted Oct 23, 2024 18:56 UTC (Wed) by MarcB (subscriber, #101804) [Link] (2 responses)

Sanctions are exactly like you want them. They are either personal (this will in all likelihood affect no one here) or against specific organizations, including companies.

For the EU, the list is here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02014R0269-20240914
Every entry has a justification; each significantly longer then a single sentence.

The only thing that seems really objectionable here is the sentence "They can come
back in the future if sufficient documentation is provided". That is naive (at best). I would not expect anyone of the affected, who is still living in Russia, to do that, even if they are not associated with any sanctioned entity. At the very least, they would be harassed online once they reappear in the list.

Of course, if there was communication beforehand, and the list of affected maintainers was already reduced, then its fine.

time to move to switzerland ?

Posted Oct 24, 2024 0:48 UTC (Thu) by patrakov (subscriber, #97174) [Link]

They will be harassed online and offline no matter what—I still am, by both sides ("traitor!" vs. "accomplice!"), even though I relocated to the Philippines back in March 2022 and closed my Russian business. So, this doesn't look like a valid argument.

The only real consequence of such harassment for me is that I am no longer a freediver, as I can't trust my buddies not to stage an "accident."

time to move to switzerland ?

Posted Oct 24, 2024 9:18 UTC (Thu) by kleptog (subscriber, #1183) [Link]

>Sanctions are exactly like you want them. They are either personal (this will in all likelihood affect no one here) or against specific organizations, including companies.

It's the secondary sanctions that get you. It's not "you can't do business with entity X (in Russia)", but "you can't do business with entity Y (in the US/EU/elsewhere in the world) because they're still doing business with entity X (in Russia)". The chain can be arbitrarily deep. It becomes like an oil spill of Fear, Uncertainty and Doubt.

They only work because the US has quite a lot of influence on international currency flows, which explains the continuing moves to promote alternative systems. Secondary sanctions are known to be fairly ineffective and often self-defeating, but they are still quite popular. In particular they suffer from over-enforcement (like here). Companies using Redhat are afraid they might get sanctioned because they have a relationship with LF which has a relationship with Linus who merges pulls requests from an developer in America who happens to have a Russian email address.

Reverse globalization has reached the open-source domain

Posted Oct 23, 2024 6:08 UTC (Wed) by Guanjun (guest, #152647) [Link] (2 responses)

Technology has no borders is a false proposition. Those who contribute to open-source software may hesitate before submitting patches in the future, and this is a bad start.

Reverse globalization has reached the open-source domain

Posted Oct 23, 2024 8:22 UTC (Wed) by DarkFlameMaster (guest, #113360) [Link] (1 responses)

TECHNOLOGIES themselves have no regional boundaries, in the sense that a Chinese scientist can grab a paper written by an American scientist and still understand the technical details, provided the reader understands the language. The same is true for software, where you can grab the source code of any software and understand how it works, provided that you understand the programming language. It is the PEOPLE who set artificial boundaries that prevent the free communication of technology, for whatever reasons, like their economical interest, political stance, religious belief, or just bias, stereotype, misinformation or even superstition.

And those who try to persuade you that "technology does have borders" are probably those who may benefit from such Balkanization. They themselves may be selling some technological products that are so inferior in quality that they wish their country can ban all competitors from overseas so that they can monopolize their domestic market.

Reverse globalization has reached the open-source domain

Posted Oct 29, 2024 12:01 UTC (Tue) by taladar (subscriber, #68407) [Link]

There certainly are types of software that "do have borders" but that is mostly the type related to country-specific legislation, geography, language or similar local concerns.

I am not sure how this works

Posted Oct 23, 2024 7:00 UTC (Wed) by rgb (subscriber, #57129) [Link] (1 responses)

Let's say all the Russian Linux developers collaborate to create their linux-следующий tree and then some new drivers and bug fixes get merged there. Is it illegal for Linus or any other non-sanctioned maintainer to pull those?

I am not sure how this works

Posted Oct 23, 2024 8:27 UTC (Wed) by farnz (subscriber, #17727) [Link]

For a full answer, you need to speak to your lawyer, not to random Internet commentators like me. As with so much in law, It Depends; non-sanctioned maintainers cannot do anything that provides an incentive for a sanctioned entity to engage in commerce, so it comes down to details. Pulling a fix for Intel's GPUs (given that Intel aren't sanctioned) is probably OK; pulling a fix for hardware made by a sanctioned firm is probably not OK.

Exact details probably need a lawyer's attention to each patch pulled, making it not worthwhile pulling fixes from linux-следующий or similar.

Is US still the best environment to run global open source projects?

Posted Oct 23, 2024 7:08 UTC (Wed) by tesarik (subscriber, #52705) [Link] (4 responses)

This may be a good time to ask whether the Linux Kernel Organization should move away from California and where. This question may soon become even more pressing, if GOP under Donald Trump turns the US into a fascist country.

Is US still the best environment to run global open source projects?

Posted Oct 23, 2024 8:33 UTC (Wed) by evgeny (guest, #774) [Link]

You don't want to start a US-politics flame war here, do you? FWIW, what happens *now* in the US jurisdiction in general and CA in particular has nothing to do with Trump.

Is US still the best environment to run global open source projects?

Posted Oct 23, 2024 10:23 UTC (Wed) by DOT (subscriber, #58786) [Link]

Unfortunately, moving to another country will not really solve the problem, since the US has far-reaching influence that the foundation cannot ignore regardless of where it is legally located. Linux as a project cannot solve this. It's up to the politicians of the world.

Is US still the best environment to run global open source projects?

Posted Oct 23, 2024 11:36 UTC (Wed) by farnz (subscriber, #17727) [Link]

The problem isn't just the location of the organisation itself, it's also the location of the maintainers; it is an offence under US sanctions law to attempt to bypass sanctions (e.g. by working with a non-US organisation to interact with sanctioned entities), and thus the only way that moving the LKO out of the USA helps is if all the US-based maintainers (such as Linus Torvalds and Greg Kroah-Hartman) leave the USA completely and relinquish their citizenship. Additionally, they'd have to accept that they might never be allowed to enter the USA ever again.

Given that some of these people have family in the USA, that's a huge request to make of them.

Is US still the best environment to run global open source projects?

Posted Oct 23, 2024 11:59 UTC (Wed) by mikebenden (guest, #74702) [Link]

based on the Trumpster's historical sympathies (to the extent that's even a coherent thing one can track and rely on), he's probably likely to un-ban the Russians and focus on the Chinese instead :)

Either way, I'd rather keep dreaming that the Linux project would judge me by the content of my contributions, not by the color of the list my employer's been placed on by some big powerful government throwing its weight around.

Alas, all good things eventually must come to an end... :(

It was EVERYONE who have .ru in their domain to be removed

Posted Oct 23, 2024 13:28 UTC (Wed) by kirr (guest, #14329) [Link] (8 responses)

~/src/linux/linux$ git checkout 6e90b675cf94~

~/src/linux/linux$ grep '\.ru>' MAINTAINERS
M: Nikita Travkin <nikita@trvn.ru>
M: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
M: Alexander Shiyan <shc_work@mail.ru>
M: Dmitry Kozlov <xeb@mail.ru>
R: Sergey Shtylyov <s.shtylyov@omp.ru>
M: Sergey Kozlov <serjk@netup.ru>
M: Abylay Ospan <aospan@netup.ru>
M: Sergey Kozlov <serjk@netup.ru>
M: Abylay Ospan <aospan@netup.ru>
M: Abylay Ospan <aospan@netup.ru>
M: Sergey Kozlov <serjk@netup.ru>
M: Abylay Ospan <aospan@netup.ru>
M: Sergey Kozlov <serjk@netup.ru>
M: Abylay Ospan <aospan@netup.ru>
M: Sergey Kozlov <serjk@netup.ru>
M: Abylay Ospan <aospan@netup.ru>
M: Dmitry Rokosov <ddrokosov@sberdevices.ru>
R: Vladimir Georgiev <v.georgiev@metrotek.ru>
M: Dmitry Kozlov <xeb@mail.ru>
R: Sergey Shtylyov <s.shtylyov@omp.ru>
R: Sergey Shtylyov <s.shtylyov@omp.ru>
R: Sergey Shtylyov <s.shtylyov@omp.ru>
M: Evgeniy Dushistov <dushistov@mail.ru>

~/src/linux/linux$ git checkout 6e90b675cf94

~/src/linux/linux$ grep '\.ru>' MAINTAINERS
# the output is empty

details: https://git.kernel.org/linus/6e90b675cf94

It was EVERYONE who have .ru in their domain to be removed

Posted Oct 23, 2024 15:43 UTC (Wed) by xinitrc (subscriber, #126452) [Link] (5 responses)

How can you judge someone by having their email in .ru zone?
It is not very smart

It was EVERYONE who have .ru in their domain to be removed

Posted Oct 23, 2024 15:47 UTC (Wed) by xinitrc (subscriber, #126452) [Link] (3 responses)

-LIBATA SATA AHCI SYNOPSYS DWC CONTROLLER DRIVER
-M: Serge Semin <fancer.lancer@gmail.com>
-L: linux-ide@vger.kernel.org
-S: Maintained
-T: git git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata.git
-F: Documentation/devicetree/bindings/ata/baikal,bt1-ahci.yaml
-F: Documentation/devicetree/bindings/ata/snps,dwc-ahci.yaml
-F: drivers/ata/ahci_dwc.c

And what about this one? You have taken a single pattern but ignore the whole picture.

It was EVERYONE who have .ru in their domain to be removed

Posted Oct 23, 2024 16:11 UTC (Wed) by sub2LWN (subscriber, #134200) [Link] (2 responses)

That was the sole exception from the original patch (removing a maintainer with a non-RU domain email). Maybe it's related to this from last year, "We don't feel comfortable accepting patches from or relating to hardware produced by your organization." https://lore.kernel.org/all/20230314103316.313e5f61@kerne... If that's in fact the same person with this other email (RU domain) address. Searching for the company name and "sanctions", their contributions may be associated with a company under sanctions, if that's what this is ultimately about.

It was EVERYONE who have .ru in their domain to be removed

Posted Nov 5, 2024 18:08 UTC (Tue) by sammythesnake (guest, #17693) [Link] (1 responses)

Baikal Electronics (apparently Serge's employer...?) is on the list: https://sanctionssearch.ofac.treas.gov/Details.aspx?id=39178

It was EVERYONE who have .ru in their domain to be removed

Posted Nov 6, 2024 14:12 UTC (Wed) by geert (subscriber, #98403) [Link]

Bankrupted in 2023. No idea what happened with the remnants. The website is still up.

https://www.tomshardware.com/news/russian-chipmaker-baika...

It was EVERYONE who have .ru in their domain to be removed

Posted Oct 24, 2024 19:14 UTC (Thu) by jmalcolm (subscriber, #8876) [Link]

I think the part before .ru is the more relevant. For example, working for NetUP vs just being in Russia.

And it is not just the US as practically every comment in this thread seems to state.

https://www.consilium.europa.eu/en/policies/sanctions-aga...

It was EVERYONE who have .ru in their domain to be removed

Posted Oct 25, 2024 12:47 UTC (Fri) by aposimz (guest, #173480) [Link]

MailRu Group is in SDN list, however nearly everyone in Russia has @mail.ru address. That's like having @gmx.net mailbox for a German, it doesn't show any affiliation of those individuals with MailRu Group.

Besides, trvn.ru domain is a personal domain with just "Hello!" on the main page, I don't think it is in SDN list. How does this work then?

I think they just decided to carpet-bomb the whole thing, just so there are no concerns in the future. There's no legal entity to protect Russians, and their own government is not interested in that, so that's quite safe thing to do from a legal standpoint.

It was EVERYONE who have .ru in their domain to be removed

Posted Nov 6, 2024 14:12 UTC (Wed) by geert (subscriber, #98403) [Link]

Abylay Ospan has been reinstated in v6.12-rc6.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...

Practical effect ?

Posted Oct 23, 2024 15:44 UTC (Wed) by ballombe (subscriber, #9523) [Link]

So what is the practical effect ?

What is the purpose?

Posted Oct 23, 2024 17:55 UTC (Wed) by mfuzzey (subscriber, #57966) [Link] (5 responses)

What purpose is this change supposed to have?

Is it that these maintainers are considered untrustworthy due to their affiliation?
If so, and assuming no wrong doing has already been observed, wouldn't an extra layer of review for these drivers suffice?

Or is it that rather that supporting the hardware of Russian manufacturers reduces the effect of sanctions?
That's sort of understanable but how does just removing the maintainers while keeping the drivers help?
And what would happen if someone based elsewhere, not working for Russian company steps up to be maintainer for these drivers - would that be just as bad?

The original commit messages says "They can come back in the future if sufficient documentation is provided" - what documentation would that be?

What is the purpose?

Posted Oct 23, 2024 18:28 UTC (Wed) by felixfix (subscriber, #242) [Link]

You're asking why politicians do political things. There is no useful answer. There may be useful workarounds.

What is the purpose?

Posted Oct 23, 2024 18:34 UTC (Wed) by atnot (subscriber, #124910) [Link] (3 responses)

The purpose of this is to avoid claims that linux maintainers knew, or should have known, that they were working with sanctioned entities and thus avoid the fines and prison sentences associated with doing that. Presumably the reason it happened now was that a lawyer at LF got cold feet or a friendly inquiring letter from the US government. It's arguable whether what they are doing would actually be considered sanctions evasion in a court, but I do not blame them for not wanting to find out.

The relevant documentation would be, as others have said, evidence that the relevant people are not employed by a listed entity.

What is the purpose?

Posted Oct 25, 2024 8:18 UTC (Fri) by jorgegv (subscriber, #60484) [Link] (2 responses)

"The relevant documentation would be, as others have said, evidence that the relevant people are not employed by a listed entity."

...which of course cannot be be provided. You cannot prove that something physical does _not_ exist. Only that something exists. The Russell tea pot tale comes into mind...

What is the purpose?

Posted Oct 25, 2024 11:00 UTC (Fri) by bluca (subscriber, #118303) [Link]

You can very easily prove that you work for _somebody else_ that is not on the sanctions list. Also I have no idea how it works in Russia, but in the UK I can prove via my tax documents, provided by the government, that shows who I work for.

What is the purpose?

Posted Oct 25, 2024 12:09 UTC (Fri) by james (subscriber, #1325) [Link]

"Proof" and "evidence" are two separate concepts. In particular, remember that for lawyers, "evidence" is often given in court or as part of a deposition: "nah, mate, I was never near the place 'e was killed".

Much of the business of a court is deciding which evidence to accept.

Somebody submitting something like a sworn statement or affidavit stating that they are not employed by a particular company would be considered evidence that they are not employed by that company. Further evidence of their financial affairs (for example, who does employ them) would make that evidence stronger.

Related links

Posted Oct 23, 2024 22:11 UTC (Wed) by pabs (subscriber, #43278) [Link] (37 responses)

Related links:

https://fosstodon.org/@kernellogger/113358289689604764
https://news.ycombinator.com/item?id=41922727
https://news.ycombinator.com/item?id=41922101

Related links

Posted Oct 23, 2024 22:12 UTC (Wed) by pabs (subscriber, #43278) [Link]

https://news.ycombinator.com/item?id=41919670

Related links

Posted Oct 23, 2024 23:11 UTC (Wed) by Vit0ld (subscriber, #111367) [Link]

some good points there

Related links

Posted Oct 24, 2024 3:34 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (7 responses)

Linus' takedown of the trolls is pretty epic.

Related links

Posted Oct 24, 2024 11:33 UTC (Thu) by LtWorf (subscriber, #124958) [Link] (5 responses)

Yes of course every differing opinion is a troll. No thought must be put to see another's point of view.

From my point of view you're a troll since you constantly dissent with my comments on every topic for example.

Related links

Posted Oct 24, 2024 12:25 UTC (Thu) by jezuch (subscriber, #52988) [Link]

Not every differing opinion is a troll, but they do want to sound like one vey much. That's how they sow chaos and confusion. We in the Eastern Europe have a pretty well tuned russian-trolldar, though.

Related links

Posted Oct 24, 2024 20:38 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (3 responses)

Just so you know, I'm an ethnic Russian with a Russian citizenship. I also used to live in Ukraine. So yep, I can detect trolls from afar.

Related links

Posted Oct 24, 2024 21:22 UTC (Thu) by LtWorf (subscriber, #124958) [Link] (2 responses)

Since I presume this ability has never really been tested in a real scientific experiment, I will remain doubtful about it existing for real.

Related links

Posted Oct 25, 2024 16:30 UTC (Fri) by jezuch (subscriber, #52988) [Link] (1 responses)

Things is, the russian-trolldar triggers A LOT in this thread, and you all fall for it. And this is not harmless, because this makes you complicit in whatever Russia tries to achieve. Please, please, please, don't feed the trolls, now more than ever.

Related links

Posted Oct 25, 2024 18:07 UTC (Fri) by LtWorf (subscriber, #124958) [Link]

I don't think anyone here is a russian troll.

Related links

Posted Oct 24, 2024 12:11 UTC (Thu) by mikebenden (guest, #74702) [Link]

As someone who grew up behind the Iron Curtain in the 80s, GregKH's commit blurb came off as rather Orwellian -- the kind of thing the Communist Party's PolitBuro would use during a purge of its cardre...

I absolutely don't have enough information to either agree or disagree with the actual change, and that commit blurb is of absolutely no help whatsoever.

I have no love for the Russian government as they historically oppressed all their East European neighbors, my native country among them. I'm absolutely on the side of the Ukraininans in the current conflict. But vague, Orwellian "compliance" bullshit is honestly not a good look on people I want to look up to and respect.

There was Geert Uytterhoeven's polite follow-up question here: https://lore.kernel.org/all/a520d1f5-8273-d67e-97fe-67f73... which has yet to receive an actual answer.

Optimistically, one may assume GregKH was compelled (by some combo of LF lawyers and 3-letter agencies) to be vague, i.e. an "I can't tell you, and I can't tell you that I can't tell you" sort of thing.

But then, Torvalds' epic takedown you're so fond of seems to contradict that theory, which is even *more* disappointing.

In conclusion, it's not the action itself that I find problematic, but rather the vague, again -- Orwellian, tone used to justify it, and the lack of transparency that is a HUGE disappointment...

Related links

Posted Oct 24, 2024 9:13 UTC (Thu) by paulj (subscriber, #341) [Link] (26 responses)

https://social.kernel.org/notice/AnIv3IogdUsebImO6i

"The people removed from maintainer positions were identified as employed by .... companies [...] directly involved in the Russian military complex and therefore are directly complicit in war crimes being committed daily ..."

Setting the EU/US sanctions listing criterion aside, if the moral justification here is to exclude anyone employed by companies involved in industrial-military complexes, then that would mean anyone employed by RedHat (US DoD contracts, US DoD is complicit in an ongoing genocide), Meta (has provided WhatsApp meta-data to a country engaged in genocide), and such should also be excluded, doesn't it?

Related links

Posted Oct 24, 2024 9:14 UTC (Thu) by paulj (subscriber, #341) [Link] (1 responses)

Oh, and RedHat also supports and profits from other US military-industrial complex companies that profit from making of munitions and weapons systems that are being used in an ongoing genocide, such as Lockheed-Martin.

Related links

Posted Oct 24, 2024 12:03 UTC (Thu) by malmedal (subscriber, #56172) [Link]

Evidence for the Russian genocide became incontrovertible after they lost the battle for Kyiv and Ukraine gave access to Bucha and other liberated villages to international investigators.

It's certainly possible that Israel (assuming that's what you're referring to) is also committing genocide, but there is much less evidence for that and it's harmful to both Ukrainans and Palestinian to equate them at this point.

Related links

Posted Oct 24, 2024 10:16 UTC (Thu) by farnz (subscriber, #17727) [Link]

Look at Russian sanctions lists - they do sanction at least one of the companies you've named, if not both. The issue here is largely that there's a significant chunk of kernel maintainers in the USA who care about not going to US jail for breaching US sanctions, but there was no matching fear about breaching Russian sanctions.

And the difference comes down largely to where core people like Linus Torvalds and Greg Kroah-Hartman live and want to be able to live. If they were living in Russia, caring about Russian law, then we'd see a very different approach to their current approach (where they both live in the USA and care about US law as a result).

Related links

Posted Oct 24, 2024 11:42 UTC (Thu) by pizza (subscriber, #46) [Link] (16 responses)

> Setting the EU/US sanctions listing criterion aside,

Compliance with "the EU/US sanctions listings" are the _only_ thing that matters here. They cannot be "set aside" if you are a business [partially] located in the EU or US.

You can't "moral" or "technical" your way out of "legal" problems.

Related links

Posted Oct 24, 2024 12:28 UTC (Thu) by paulj (subscriber, #341) [Link] (15 responses)

Well, yes, EU or US sanctions lists are a legal barrier to EU or US entities. And RU sanctions lists a barrier for RU entities. Etc.

There is a moral justification in that post though. Which is that it is morally wrong to work for any entity involved in military-industrial complexes that are involved in war-crimes, and that anyone in such a position should be held personally accountable:

"If they work for companies that develop weaponry or logistics used by the $COUNTRY military, they are complicit in $COUNTRY war crimes, and
I hold them responsible at a very personal level".

Now, if we apply that standard generally, it would seem to me that quite a number of contributors who are based in the west - particularly in the USA, UK and DE - are also personally complicit for aiding military-industrial complexes that are profiting from an ongoing, western-backed genocide. Employees of Meta, RedHat, and probably a large number of others (which F/OSS companies are supporting, say, Rheinmetal in Germany, or Elbit in the UK?) should face some kind of censure by our F/OSS communities - up to and including exclusion.

I happen to actually be very very open to that argument. I do think we are each personally responsible, to at least some degree, for our choice in employment and the relations our employer keeps and hence the actions of related parties that one's employment might be supporting (in whatever small way). On the other hand, this is a standard that a) would affect many many contributors, and b) is sadly very difficult to escape, given the sad state of the world and the wide acceptance of war-crimes and crimes against humanity by every great power (and the smaller countries in their orbits) - at least when it comes to their own crimes.

Related links

Posted Oct 24, 2024 12:34 UTC (Thu) by dgn (guest, #132630) [Link] (8 responses)

> Now, if we apply that standard generally, it would seem to me that quite a number of contributors who are based in the west - particularly in the USA, UK and DE - are also personally complicit for aiding military-industrial complexes that are profiting from an ongoing, western-backed genocide. Employees of Meta, RedHat, and probably a large number of others (which F/OSS companies are supporting, say, Rheinmetal in Germany, or Elbit in the UK?) should face some kind of censure by our F/OSS communities - up to and including exclusion.

You do realize that working for a tech company that does less than a single-digit percentage of their revenue dealing with the military-industrial complex is not comparable to a company actually producing weapons as part of that industry, do you? Apart from the fact that the genocide you mention is not even carried out by the US but an ally, so there's another level of indirection.

> I happen to actually be very very open to that argument.
I'm sure you are and have been for a long time, and I'm certain nobody cares.

Related links

Posted Oct 24, 2024 12:48 UTC (Thu) by paulj (subscriber, #341) [Link] (7 responses)

Would the DoD, or Lockheed-Martin, equivalent Russian ministries and M-I companies, etc., be able to operate efficiently (if operate properly at all) if everyone in F/OSS refused to give any support to them in their IT operations?

They probably could still operate, but they would also probably suffer from not-entirely-trivial inefficiencies which they do not have today.

There's no point getting into weeds on arguments about whether there is a genocide ongoing at moment.

There very obviously is to everyone in the world, bar a very small set of people. The ICJ - the authoritative body - already ruled, quite a while ago, that the threshold for action (i.e., by it on proceeding with the case, and also on states for acting to prevent genocide) on the /possibility/ for genocide had been reached. It is also a fact that the acts which obviously are genocide to all in the world, bar a small set, could not have occurred without the support of the USA - both political, operationally, and materially in terms of _very large_ quantities of bombs (more tonnage of HE than that dropped on a number of major cities in Europe in all of WWII combined), and it is a fact the USA provided that support while in possession of the same knowledge the rest of the world has (and more, given the vast SIGINT and IMINT resources it has). Those are just facts.

Related links

Posted Oct 24, 2024 13:20 UTC (Thu) by dgn (guest, #132630) [Link] (5 responses)

> Would the DoD, or Lockheed-Martin, equivalent Russian ministries and M-I companies, etc., be able to operate efficiently (if operate properly at all) if everyone in F/OSS refused to give any support to them in their IT operations?
>
> They probably could still operate, but they would also probably suffer from not-entirely-trivial inefficiencies which they do not have today.

Those organisations are all big enough to afford their own teams doing that support for them. It would just cost them more than buying the equivalent product. Which in the end might just mean that they would not use FOSS in the first place, as using proprietary solutions might come cheaper.

While I completely agree that the thought of somebody using one's own work to do terrible things is abhorrent, I disagree with the guilty-by-association dogma that so many people have. Working for Meta is absolutely not the same as dropping bombs - I think Meta's business model is responsible for a lot of things that are wrong about the internet today, and that's a problem, not their possible business association with Lockheed-Martin. Even working for Lockheed-Martin is not the same as dropping bombs. Somebody's got to build rockets and bombs, that's sadly the way it is. Instead of judging people for doing that work you should be glad you don't have to do it, like you might have to in some fascist dystopia.

When it comes to the people actually taking decisions to drop bombs on civilians, that's a different matter and here we can talk about personal and moral responsibility. But then the circle shrinks substantially and it becomes very, very hard to identify those people.

Related links

Posted Oct 25, 2024 11:05 UTC (Fri) by paulj (subscriber, #341) [Link] (4 responses)

Just to be clear, cause I didn't explicitly set it out: I am arguing /both/ sides here. Although ultimately, I argue there is great hypocrisy and depravity all around.

1. I see value in holding people responsible for the choices to make, including who they work for and the impact of that work on the world.

2. I see that the world is incredibly shitty place, and (ignoring the issue of dual-use technologies - you may work on something for its positive uses, but you can't control the negative uses) so much work these days is via very large corporates, with many interconnections, that you almost can not avoid working for corporates with connections to pretty shitty other corporates.

No doubt stuff I have worked on has been used for things that a number of people would consider "bad" or even "evil". E.g., I have done contracting to fix issues and improve networking software - many uses - but I did that work for a company in the oil industry, and their aim was to more efficiently find more oil for us to burn. Etc.

3. I see a lot of hypocrisy. Really, we just have different "tribes", each aligned around a few different "great powers". Each of which is guilty of great evil around the world. Each claims moral superiority, and decries the evil of the others. And the circus continues and continues, while the bodies of children pile up. The children I killed are all unfortunate accidents, collateral damage, and ultimately the responsibility of the evil terrorists who forced me to bomb children. The children /you/ killed are proof of your utter depravity.

---
On "Somebody's got to build rockets and bombs, that's sadly the way it is." - well, in a world where the M-I-complex was being deployed for defensive purposes, ok, you can easily justify that morally. In a world where, for many decades now, the output of that complex is primarily used by the richest and most developed nations in the world to kill poor people in underdeveloped countries in vast numbers, for the ultimate aim of gaining control (directly or less directly by installing a more sympathetic gov) of their resources, such work is... a lot more questionable. The western "rules based order" has completely lost its moral compass since WWII, in my opinion, your opinion may differ.

The reference to Meta was not about an association to Lockheed-Martin. There are credible allegations that Meta has been providing meta-data from WhatsApp to the IDF, which the IDF then uses for targeting.

But... not really for LWN. Ping me and meet me in Dublin for a pint, for anyone who wants to debate this further.

Related links

Posted Oct 25, 2024 11:42 UTC (Fri) by malmedal (subscriber, #56172) [Link] (3 responses)

> Really, we just have different "tribes", each aligned around a few different "great powers". Each of which is guilty of great evil around the world.

Can you stop writing slanderous and inflammatory statements on LWN? Ukraine vs Russia is clear good vs evil. And stop muddying the issue with unrelated conflicts.

Current Russian discourse is actually clearer than what the Nazis wrote in their papers. (We read some of it in German class)

https://x.com/JuliaDavisNews/status/1657177465658257409

Related links

Posted Oct 25, 2024 12:19 UTC (Fri) by paulj (subscriber, #341) [Link] (2 responses)

None of my points are about Russia and Ukraine in any specific way. My points are actually focused much more on the West. Further, to the extent I have made a point that refers to Russia, it would be where I stated *all* the great powers are involved in great evil around the world. You have even quoted that line.

You appear to be completely misreading my comments. You appear to be responding to some other argument in your head that you've had with other people somewhere, which you are projecting onto my comments, for whatever reading.

Related links

Posted Oct 25, 2024 13:33 UTC (Fri) by malmedal (subscriber, #56172) [Link] (1 responses)

> None of my points are about Russia and Ukraine

Indeed, they are not relevant to the issue at hand or to LWN.

> I stated *all* the great powers are involved in great evil around the world.

An untrue and extremely inflammatory statement. It reads like the powers are morally equal and doing the same things. This is not true. Russia is trying to create chaos. The US is trying to calm things down. China is mostly but unfortunately not completely with calming things down.

> You appear to be completely misreading my comments.

Your comments imply that you are completely ignorant of the rules of war and what belligerents can and cannot do. You really should educate yourself and discuss it in a relevant forum instead of here.

Let's stop this here

Posted Oct 25, 2024 13:39 UTC (Fri) by jake (editor, #205) [Link]

This whole sub-thread (not just the comment I am replying to here) has drifted far from the topic at hand. Please stop it here.

thanks,

jake

Related links

Posted Oct 24, 2024 17:32 UTC (Thu) by malmedal (subscriber, #56172) [Link]

You're ignoring what the article is about: Are there any of these developers that should not have been on the list?

Also your "facts" are not factual:

> The ICJ - the authoritative body - already ruled, quite a while ago, that the threshold for action (i.e., by it on proceeding with the case, and also on states for acting to prevent genocide) on the /possibility/ for genocide had been reached.

No, that is not what they said.

From: https://www.bbc.co.uk/news/articles/c3g9g63jl17o

> The judges had stressed they did not need to say for now whether a genocide had occurred but concluded that some of the acts South Africa complained about, if they were proven, could fall under the United Nations’ Convention on Genocide.

Regarding Russia, the ICJ has already ruled:

From: https://www.icj-cij.org/sites/default/files/case-related/...

> The Russian Federation shall immediately suspend the military operations that it commenced on 24 February 2022 in the territory of Ukraine

Also, ICC(different court) has an arrest warrant out for Putin:

https://www.icc-cpi.int/news/situation-ukraine-icc-judges...

But again, the issue at hand are the excluded developers, which of them, if any, should not have been excluded?

Related links

Posted Oct 24, 2024 12:55 UTC (Thu) by pizza (subscriber, #46) [Link] (1 responses)

> On the other hand, this is a standard that a) would affect many many contributors, and b) is sadly very difficult to escape,

Some time ago, I pointed out that I was 99% sure that software I wrote was used to kill people (offensive military robots). I'm also 99% sure it has been used to save innocent lives (bomb disposal robots by same manufacturer). I'm 99% sure it has been used to plan (if not outright commit) any number of crimes Yet the overwhelming majority of its use has been to watch cat videos, read email, and other "normal people" activities.

The software in question? A wifi driver that was part of the mainline linux kernel for more than a decade. But before it got mainlined, the maker of those robots paid my employer to figure out a problem that caused high-bandwidth streaming video dropouts. _Every other user_ of that driver benefited from those reliability improvements.

My point? Any given Linux (or almost any F/OSS) contributor is at most two steps away from being directly affiliated with a military force. This standard is not"very difficult to escape"; it is for all intents pretty much impossible.

Related links

Posted Oct 24, 2024 13:12 UTC (Thu) by paulj (subscriber, #341) [Link]

> This standard is not"very difficult to escape"; it is for all intents pretty much impossible.

Agreed.

Related links

Posted Oct 24, 2024 13:36 UTC (Thu) by malmedal (subscriber, #56172) [Link] (1 responses)

> If they work for companies that develop weaponry or logistics used by the $COUNTRY military, they are complicit in $COUNTRY war crimes

Do you want to live in a just and peaceful world?

If so, you're not helping.

In the case of Israel there is photographic evidence that they stripped Palestinian captives to the underwear.

In the case of Russia there is photographic evidence they stripped Ukrainan captives to the underwear and then shot them.

Treating these as if they are the same is going to lead to more wars and bigger wars.

Related links

Posted Oct 24, 2024 13:43 UTC (Thu) by jzb (editor, #7867) [Link]

At this point, we're getting well beyond the original topic. Can we stop here before things go off the rails? Thank you!

Related links

Posted Oct 25, 2024 1:39 UTC (Fri) by Kamilion (subscriber, #42576) [Link] (1 responses)

Ah, yes, so because I worked at a Knife Company, I'm ethically responsible for every bladed murder suicide on the planet.
Because I owned a whetstone, I'm culpable for every Hellfire R9X strike.
Due to buying a leather strop, I contributed to the deaths of millions of individuals.

We'll just... conveniently ignore all those other statistics like starvation, right?

Because I wasn't a farmer, I'm ethically responsible for every starving child, right?
Due to not tending a garden, I'm culpable for all the evils of economics and automations and profiteering, right?

Because I owned a screwdriver, someone somewhere was stabbed with an icepick and it's my fault for having a similarly shaped tool, right?

*because I have hands that could strangle someone, I should be imprisoned, or have them removed, right?*

Where does the madness end?

Tools work at the behest of their holder. We do not blame our tools. We blame ourselves.

Related links

Posted Oct 25, 2024 2:14 UTC (Fri) by Kamilion (subscriber, #42576) [Link]

Ah, sorry, just realized that my dripping sarcasm may not have come across properly in text.
Paul, not really directing that at you; just elucidating in general. I also feel like I share some responsibility; like pizza, my contributions to ROS may have harmed, helped, and forced progress. But the question is, how much of that lays on my shoulders? Do my contributions to SLAM *actually* make me culpable for 'new things' heading out to the battlefield?

https://www.youtube.com/watch?v=i1QRqu3Cocw

"How Do Military Drones Fly Without GPS? | Ian Laffey, Thesus"

It's very clear to me that what I developed ten years ago is "being independently rediscovered" at a very rapid rate. This "kid" (and I use the term loosely, due to his youth, and verbal tic of 'Like', every three words as the cogs are turning in the background and he needs a moment for text to speech to finish exporting the current symbols before the next queued can be delivered) has pushed forward optical techniques that are older than I am, and mixed them up with modern tools. Those tools are intended for the battlefield, and it's clear he lacks the kind of life experience to apply a moral compass to the results. He likely knows they're going to harm people but has no context in his life to understand what that actually means.

https://www.youtube.com/watch?v=v4mc5mHksl8

This sort of scene is absolutely unheard of in american life, and nowhere in childhood or matriculation would he have encountered it.

"You see brief clips of it on the news." Except when you don't because even the news censors things to "buildings falling" and property damage. I can't recall the last time I've seen a *real pool of blood* -- it's something that's "only in fiction".

So yeah.

I don't deny that we can be very disassociated with life today.

Projectile Weapons are no longer seen as hunting tools for food gathering, because the general public now shops at walmart.

People have grown complacent, expecting the results of a process without bothering to look into the meat packing industry themselves.
What they might find there may be surprising. "The children yearn for the mines" is a pertinent meme to review in this case.

Related links

Posted Oct 24, 2024 11:43 UTC (Thu) by malmedal (subscriber, #56172) [Link] (5 responses)

EU and US sanctions are usually rather pathetic and only target the easiest to prove cases.

Some of the sanctioned people even list work for the Russian military on their LinkedIn.

Can you find a specific developer that should not have been on the list?

Related links

Posted Oct 24, 2024 12:23 UTC (Thu) by atnot (subscriber, #124910) [Link] (1 responses)

> EU and US sanctions are usually rather pathetic and only target the easiest to prove cases.

This is slightly off-topic but since this is a common rhetoric, it should be pointed out that this is exclusively for propaganda reasons. It's there so people at home can say "see we're not being cruel, we're just sanctioning a very limited subset of organizations and also medicine and stuff is still allowed through!". Unless that medicine is going to the military of course and numerous other caveats. But in practice there isn't a pharma company in the world that would be caught dead supplying medicines to Iran or Cuba because it's prohibitively complicated to comply with all of the sanctions.

The overbroadness and caution with which these sanctions are implemented in practice and the resulting cruelty is absolutely the point and regardless of how justified we think the sanctions are, we shouldn't delude ourselves otherwise.

(This of course changes nothing about my bold stance that Linus should not be expected to risk jailtime for sanctions evasion just to keep a few emails in a file)

Related links

Posted Oct 24, 2024 12:39 UTC (Thu) by malmedal (subscriber, #56172) [Link]

> since this is a common rhetoric,

Which is why I asked what specifically is wrong in this instance.

Not answering is answer enough, though.

Related links

Posted Oct 24, 2024 12:29 UTC (Thu) by dgn (guest, #132630) [Link] (2 responses)

> Can you find a specific developer that should not have been on the list?

This is the important bit that nobody seems to talk about. Everybody just pretends to get riled up about apparent injustice. But did anybody actually look into these people before defending them?

Related links

Posted Oct 25, 2024 8:12 UTC (Fri) by vegard (subscriber, #52330) [Link] (1 responses)

I think you're missing the point, at least from my perspective.

The problem here is not complying with sanctions. It's not even necessarily about the specific people who were removed as maintainers.

It's the way in which it was done: very quietly, with the patch sent only to patches@lists.linux.dev, and then hidden in an unrelated char-misc pull request, and no credible explanation given. Yes, there was a changelog, but it was incredibly vague and explains very little -- the real explanation has come to light in follow-ups.

The problem is that all of this was done sneakily, in secrecy (which failed and backfired, by the way). It should have been done fully in the open with some kind of explanation as to the criteria. The way it was done created unnecessary fear because it did not spell out why certain maintainers were being given the boot. Did it target Russian nationals? Or certain companies? (Yes, we know the answer NOW, but we didn't at the time, since this was not explained in the patch.) Who is next? Chinese citizens? Chinese companies?

Top maintainers forcibly removing people from maintainer positions is a very strong use of power. It's an extreme action compared to anything we've ever seen in the Linux kernel. It's a devastating predicament for those involved, whether they deserved it or not. It sends a signal -- but what signal? Without the accompanying explanation, it could be interpreted in a number of ways. Are all Russians now persona non grata in the Linux kernel? I think that's a very dangerous mindset, very similar to how Jews, Arabs, etc. have historically been treated in the Western world. A simple up-front explanation would have avoided this unfortunate implication.

I'm not defending any specific person because I don't know the maintainers involved. But I disagree profoundly with the way it was done.

We don't sneak things in. We're better than this. Especially following the UMN scandal and the xz backdoor. This should not be hard to understand.

Related links

Posted Oct 25, 2024 9:51 UTC (Fri) by intelfx (subscriber, #130118) [Link]

Well said.

The US brings us down

Posted Oct 24, 2024 10:37 UTC (Thu) by jlm2000 (✭ supporter ✭, #106727) [Link] (4 responses)

This is so obvious on a political agenda and enforced by the US govmnt. Russia has many very qualified developers and Linux Kernel will no doubt have a loss here.

US did invade Afganistan, Kuwait, Iraq, Balkans, Somalia and a lot more, was there ever an expulsion of US Am developers?

The US brings us down

Posted Oct 24, 2024 10:43 UTC (Thu) by atnot (subscriber, #124910) [Link] (3 responses)

no, because those countries could not credibly threaten to jail Linux Foundation staff, but the US can.

The US brings us down

Posted Oct 24, 2024 13:20 UTC (Thu) by zoobab (guest, #9945) [Link] (2 responses)

"jail Linux Foundation staff"

Move the Foundation elsewhere, like it was done with RISC-V to Switzerland.

Although, for Switzerland, I think they also have trade sanctions against other countries.

Pick up a country (an island) which does not have trade sanctions.

The US brings us down

Posted Oct 24, 2024 13:26 UTC (Thu) by farnz (subscriber, #17727) [Link]

This goes back to ordering Linus Torvalds and Greg Kroah-Hartman (among others) to leave the USA, give up their US citizenship, and risk never seeing the USA part of their families ever again (and possibly the Swedish parts, too).

If you can't get the key people to move, moving the rest of the foundation doesn't matter, because Linus and Greg will still need the foundation to comply with US sanctions for them to continue associating with it.

The US brings us down

Posted Oct 25, 2024 7:00 UTC (Fri) by NYKevin (subscriber, #129325) [Link]

The US government has been playing this game for longer than most of us have been alive. Finding loopholes is a fool's errand. If you do find a loophole, they close it, put everyone involved on one or more lists, and arrest any participants who happen to be on US soil.*

In this particular case, the purported loophole is to use an intermediary in Switzerland. This is not a novel strategy, and the US hit upon the idea of "sanctions are transitive, so now your Swiss intermediary is sanctioned too" a long time ago.

* "But I had a valid loophole!" you protest. That's not going to cut it. When you piss off the feds, they are not just looking at one specific action to see if it was a crime. They are looking at your entire pattern of behavior leading up to that point, and comparing every little thing you did against every little law and regulation that might possibly fit. Given the sheer complexity and oppressive thoroughness of OFAC regulations alone, it is highly unlikely that your loophole really does comprehensively cover all of your activity leading up to the point at which the feds decide that you are a criminal. Plus they can also charge you with things like wire fraud, money laundering, and structuring, so you have to worry about all of those laws as well. Do you think a bank is going to help you evade sanctions, if you tell them that that is what you are trying to do? No, you're going to lie to them, which by itself already opens the door to a panoply of secondary crimes.

Here's the official statement via James Bottomley

Posted Oct 24, 2024 16:56 UTC (Thu) by alexbk (subscriber, #37839) [Link] (9 responses)

https://lwn.net/ml/all/7ee74c1b5b589619a13c6318c9fbd0d6ac...

Specifically,

If your company is on the U.S. OFAC SDN lists, subject to an OFAC
sanctions program, or owned/controlled by a company on the list, our
ability to collaborate with you will be subject to restrictions, and
you cannot be in the MAINTAINERS file.

This should've been done first, and entries in MAINTAINERS removed later. Almost all other posts in that thread are best left unopened and unread, partly because of not-great handling of the issue on LF/maintainers part.

Here's the official statement via James Bottomley

Posted Oct 24, 2024 17:57 UTC (Thu) by mikebenden (guest, #74702) [Link] (5 responses)

It's reassuring that they eventually ended up doing the right thing (unfortunately, after having exhausted plenty of other alternatives :) -- but better late than never...

Here's the official statement via James Bottomley

Posted Oct 24, 2024 18:15 UTC (Thu) by malmedal (subscriber, #56172) [Link] (4 responses)

It almost certainly is not fair to blame them, the sentence: "We finally got clearance to publish the actual advice", implies that somebody else was being difficult.

Here's the official statement via James Bottomley

Posted Oct 24, 2024 20:11 UTC (Thu) by backdoordriver (guest, #172767) [Link] (2 responses)

Probably there's a lot of discussions related to the details of such sanctions to avoid to discuss the main aspect.

Cannot find other words different from "racism".

Racism coming back, from who declare to be the king of human rights.

I have some questions for you.
Why such guys cannot contribute in their hobby time ?
Do such guys decided to start the war ?
Is Linux a USA product or something where all able to contribute did ?
Should USA government rules over Linux ?
Will such racist sanctions change the war result ?

I am very sad for the direction the community staff is going.
But i am confident there are a lot of intelligent and nice guys still, so i stay in for now.

Here's the official statement via James Bottomley

Posted Oct 24, 2024 20:24 UTC (Thu) by dskoll (subscriber, #1630) [Link]

Cannot find other words different from "racism".

Really? You are not trying very hard. The sanctions against Russia are in response to an unprovoked war of aggression against Ukraine. It has nothing to do with anyone's race.

As for your questions:

Why such guys cannot contribute in their hobby time ?

They can. But Linux Foundation can't have anything to do with people working for sanctioned entities.

Do such guys decided to start the war ?

Probably not. But again, the rules of the sanctions prohibit working with people who work for sanctioned entities. This may be an unfortunate bit of collateral damage, but such is life.

Is Linux a USA product or something where all able to contribute did ?

Linux is not an American product, but any organization operating in the United States, and any people living in the United States, have to comply with American law.

Should USA government rules over Linux ?

No. But it can enforce its own laws on people and organizations located in the United States.

Will such racist sanctions change the war result ?

That's a meaningless question because the sanctions are not "racist". They are designed to punish Russia for starting and engaging in an unprovoked war of aggression against its neighbor.

Here's the official statement via James Bottomley

Posted Oct 24, 2024 21:20 UTC (Thu) by malmedal (subscriber, #56172) [Link]

> sanctions change the war result ?

Russia would have won already if the sanctions weren't in place.

They would have lost already if the sanctions were properly enforced.

For instance the Lancet is a fearsome weapon, but they can only build as many as they can smuggle in these:

https://developer.nvidia.com/embedded/jetson-tx2

Just about the only significant weapons they can make on entirely on their own are things like artillery ammunition and BM-21 rockets, and
half of those are supplied by North Korea.

Here's the official statement via James Bottomley

Posted Oct 25, 2024 11:33 UTC (Fri) by nix (subscriber, #2304) [Link]

We still don't know who the someone else was, either. Lawyers really are such cowards. (I say this as someone related to multiple lawyers, who have in the past complained to me about how much their place of work *requires* them to appear to be cowardly slimeballs for the sake of limiting legal liability. This is no doubt the same sort of thing.)

Here's the official statement via James Bottomley

Posted Oct 25, 2024 3:42 UTC (Fri) by 0x51 (guest, #127460) [Link] (2 responses)

According to the statement, all the Huawei guys should be removed from the MAINTAINERS list?

Here's the official statement via James Bottomley

Posted Oct 25, 2024 5:02 UTC (Fri) by makendo (guest, #168314) [Link]

If it is the Huawei guys being removed, the backlash would be stronger even with angry mobs and alleged trolls excluded. There are more Chinese participating in kernel dev than Russians.

A followup message seems to imply that they are unlikely to be removed unless the lawyers explicitly and clearly told them to. For now we can only pray that a removal of Chinese maintainers, which would _almost definitely_ result in a fork of the Linux codebase, won't happen.

Here's the official statement via James Bottomley

Posted Oct 25, 2024 10:50 UTC (Fri) by bluca (subscriber, #118303) [Link]

No, because Huawei is not subject to the same sanctions as Russian government/companies/entities are

Typical US hypocrisy and hypocrisy by Linus

Posted Oct 25, 2024 14:34 UTC (Fri) by marcinjend (guest, #173477) [Link] (1 responses)

Offensive content removed. — Editors

Typical US hypocrisy and hypocrisy by Linus

Posted Oct 25, 2024 14:55 UTC (Fri) by daroc (editor, #160859) [Link]

I think that continuing to discuss this is going to end up with an endless spiral of increasingly negative comments. I have set the comments on this article to 'moderated', and will be applying a high bar to what gets let through.

About James' job

Posted Oct 27, 2024 17:06 UTC (Sun) by suzuki_jetson (guest, #174274) [Link] (1 responses)

I know that James Bottomley is a kernel maintainer. However, is he/she a official lawyer of LF foundation? If not, his opinion cannot be described as LF official statement.

About James' job

Posted Oct 27, 2024 17:11 UTC (Sun) by jzb (editor, #7867) [Link]

If you click through to the original message, you'll see that he says "we finally got clearance to publish the actual advice". The words "official statement" were not used, however.

Public statement from LF Legal etc.?

Posted Dec 17, 2024 14:17 UTC (Tue) by geert (subscriber, #98403) [Link] (1 responses)

Apparently the rationale for this was presented at the Maintainers Summit in Vienna, three months ago[1].
Unfortunately this was an invite-only event, and AFAIK the presentations/recordings are not publicly available. Also, that part was not covered by LWN.net[2].

Today, we are still waiting for:
1. A public statement from Linux Foundation Legal,
2. A patch series for Documentation/process on the workflows mailing list, to clarify the related process and guidelines,
3. A public apology to the people who were removed from the MAINTAINERS file in error.

Thank you!

[1] "Draft Agenda for the 2024 Maintainers Summit" https://lore.kernel.org/all/20240913125310.GA1706848@mit....
[2] https://lwn.net/Articles/990740/

Public statement from LF Legal etc.?

Posted Jan 31, 2025 13:08 UTC (Fri) by geert (subscriber, #98403) [Link]

GregKH just pointed me to a new Linux Foundation blog post:
https://www.linuxfoundation.org/blog/navigating-global-re...

TL;DR: a maintainer can accept a patch from a sanctioned entity, but not request more details, or suggest changes for a v2...


Copyright © 2024, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds