36
submitted 3 weeks ago by 0x4E4F@infosec.pub to c/linux@lemmy.world

Official statement regarding recent Greg' commit 6e90b675cf942e from Serge Semin

Hello Linux-kernel community,

I am sure you have already heard the news caused by the recent Greg' commit 6e90b675cf942e ("MAINTAINERS: Remove some entries due to various compliance requirements."). As you may have noticed the change concerned some of the Ru-related developers removal from the list of the official kernel maintainers, including me.

The community members rightly noted that the quite short commit log contained very vague terms with no explicit change justification. No matter how hard I tried to get more details about the reason, alas the senior maintainer I was discussing the matter with haven't given an explanation to what compliance requirements that was. I won't cite the exact emails text since it was a private messaging, but the key words are "sanctions", "sorry", "nothing I can do", "talk to your (company) lawyer"... I can't say for all the guys affected by the change, but my work for the community has been purely volunteer for more than a year now (and less than half of it had been payable before that). For that reason I have no any (company) lawyer to talk to, and honestly after the way the patch has been merged in I don't really want to now. Silently, behind everyone's back, bypassing the standard patch-review process, with no affected developers/subsystem notified - it's indeed the worse way to do what has been done. No gratitude, no credits to the developers for all these years of the devoted work for the community. No matter the reason of the situation but haven't we deserved more than that? Adding to the GREDITS file at least, no?..

I can't believe the kernel senior maintainers didn't consider that the patch wouldn't go unnoticed, and the situation might get out of control with unpredictable results for the community, if not straight away then in the middle or long term perspective. I am sure there have been plenty ways to solve the problem less harmfully, but they decided to take the easiest path. Alas what's done is done. A bifurcation point slightly initiated a year ago has just been fully implemented. The reason of the situation is obviously in the political ground which in this case surely shatters a basement the community has been built on in the first place. If so then God knows what might be next (who else might be sanctioned...), but the implemented move clearly sends a bad signal to the Linux community new comers, to the already working volunteers and hobbyists like me.

Thus even if it was still possible for me to send patches or perform some reviews, after what has been done my motivation to do that as a volunteer has simply vanished. (I might be doing a commercial upstreaming in future though). But before saying goodbye I'd like to express my gratitude to all the community members I have been lucky to work with during all these years.

you are viewing a single comment's thread
view the rest of the comments
[-] goffy59@lemmy.world 17 points 3 weeks ago

Purging of contributors just because they originate from a country is not how leadership of an open source project should act. Really sad to see.

This isn't about "purging contributors just because they originate from a country"—it's about addressing real security risks and complying with international sanctions. Open-source projects, especially something as critical as the Linux kernel, don’t exist in a vacuum. They are part of a global infrastructure that is deeply intertwined with national security and legal obligations.

Russia's actions on the global stage, from its involvement in cyber warfare to the invasion of Ukraine, have resulted in widespread sanctions for good reason. When individuals or organizations tied to sanctioned entities are involved, it becomes a matter of compliance and risk management, not arbitrary exclusion. The leadership of open-source projects has a responsibility to protect the project’s security and integrity, especially from potential threats that are well-documented.

It’s unfortunate that good contributors are caught in the crossfire, but that's a consequence of the political reality created by Russia's actions. The Linux Foundation, being U.S.-based, has to comply with these sanctions, and more importantly, must take steps to safeguard critical infrastructure from potential compromise. It’s not about nationality—it's about mitigating risks and ensuring compliance with international laws. That’s just how responsible leadership works.

this post was submitted on 24 Oct 2024
36 points (74.3% liked)

Linux

8110 readers
35 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

  1. Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.

  2. Be respectful: Treat fellow community members with respect and courtesy.

  3. Quality over quantity: Share informative and thought-provoking content.

  4. No spam or self-promotion: Avoid excessive self-promotion or spamming.

  5. No NSFW adult content

  6. Follow general lemmy guidelines.

founded 1 year ago
MODERATORS