263
submitted 2 weeks ago by 0x4E4F@infosec.pub to c/linux@lemmy.ml

Official statement regarding recent Greg' commit 6e90b675cf942e from Serge Semin

Hello Linux-kernel community,

I am sure you have already heard the news caused by the recent Greg' commit 6e90b675cf942e ("MAINTAINERS: Remove some entries due to various compliance requirements."). As you may have noticed the change concerned some of the Ru-related developers removal from the list of the official kernel maintainers, including me.

The community members rightly noted that the quite short commit log contained very vague terms with no explicit change justification. No matter how hard I tried to get more details about the reason, alas the senior maintainer I was discussing the matter with haven't given an explanation to what compliance requirements that was. I won't cite the exact emails text since it was a private messaging, but the key words are "sanctions", "sorry", "nothing I can do", "talk to your (company) lawyer"... I can't say for all the guys affected by the change, but my work for the community has been purely volunteer for more than a year now (and less than half of it had been payable before that). For that reason I have no any (company) lawyer to talk to, and honestly after the way the patch has been merged in I don't really want to now. Silently, behind everyone's back, bypassing the standard patch-review process, with no affected developers/subsystem notified - it's indeed the worse way to do what has been done. No gratitude, no credits to the developers for all these years of the devoted work for the community. No matter the reason of the situation but haven't we deserved more than that? Adding to the GREDITS file at least, no?..

I can't believe the kernel senior maintainers didn't consider that the patch wouldn't go unnoticed, and the situation might get out of control with unpredictable results for the community, if not straight away then in the middle or long term perspective. I am sure there have been plenty ways to solve the problem less harmfully, but they decided to take the easiest path. Alas what's done is done. A bifurcation point slightly initiated a year ago has just been fully implemented. The reason of the situation is obviously in the political ground which in this case surely shatters a basement the community has been built on in the first place. If so then God knows what might be next (who else might be sanctioned...), but the implemented move clearly sends a bad signal to the Linux community new comers, to the already working volunteers and hobbyists like me.

Thus even if it was still possible for me to send patches or perform some reviews, after what has been done my motivation to do that as a volunteer has simply vanished. (I might be doing a commercial upstreaming in future though). But before saying goodbye I'd like to express my gratitude to all the community members I have been lucky to work with during all these years.

you are viewing a single comment's thread
view the rest of the comments
[-] mariusafa@lemmy.sdf.org 18 points 2 weeks ago

Wait linux community is removing maintainters because of their nationality???!!

[-] Nibodhika@lemmy.world 42 points 2 weeks ago

It's not about nationality. Here are the facts:

  1. LF is USA based (headquarters in California), as such they're subject to USA law
  2. USA imposed sanctions on companies that are directly involved in supplying Russia with weapons.
  3. To have business, including receiving help, from those companies would open LF to legal repercussions in the country where they're based.
  4. Baikal Electronic JSC is on the sanctioned list.
  5. Serge Sermin public GitHub profile listed Baikal as their employer

Therefore to not remove Serge from the maintainers would open LF to legal repercussions.

You might not agree with what was done, I certainly don't, but I understand it.

[-] xordos@lonestarlemmy.mooo.com 1 points 2 weeks ago
[-] Nibodhika@lemmy.world 1 points 2 weeks ago
[-] xordos@lonestarlemmy.mooo.com 1 points 2 weeks ago

Just feel things are very different now. Much harder to fight/work around with govt. And this leads to my 2nd link that, kinds of conspiracy, that we maybe already have backdoor in open source projects because they are hard to detect as long as there are pre-build tools.

Anyway, lots of feelings after reading this post...

[-] pound_heap@lemm.ee 40 points 2 weeks ago

Not nationality but alleged involvement with sanctioned organizations. There are plenty of Russian names on maintainers list remaining.

[-] refalo@programming.dev 1 points 2 weeks ago* (last edited 2 weeks ago)

I still don't think something so important should be beholden to the whims of one company (Linux Foundation) or their country's laws (USA).

I would strongly prefer to use an operating system that didn't have this problem. Do any even exist?

[-] kattfisk@lemmy.dbzer0.com 5 points 2 weeks ago

It's a good thing that no one is beholden to anyone then. Which is the entire point of free software.

[-] refalo@programming.dev 1 points 2 weeks ago* (last edited 2 weeks ago)

I was more referring to mainline specifically, otherwise your chances of having many people actually benefit from your changes without a lot of effort is small IMO.

[-] excral@feddit.org 3 points 2 weeks ago

That's the beauty about open source: it isn't beholden to the whims of anyone. If disagree with the Linux Foundation, you're free to make your own independent fork. Others that agree with you can then start contributing to the fork. And this isn't a purely theoretical scenario as it has happend with other open source projects before.

[-] yogthos@lemmy.ml 2 points 2 weeks ago

Indeed we already see stuff like OpenHarmony which was originally a fork of Android by Huawei due to US sanctions on them. I expect we're going to be headed into a world of bifurcated technology between G7 and BRICS. As western countries continue to act in a petulant fashion, developers in the rest of the world will have no choice but to go their own way.

[-] 0x4E4F@infosec.pub 3 points 2 weeks ago

I still don't think something so important should be beholden to the whims of one company (Linux Foundation) or their country's laws (USA).

Exactly my thoughts.

I would strongly prefer to use an operating system that didn't have this problem. Do any even exist?

I was contemplating using FreeBSD, but then I found about the kernel switch to forbid Russian or Chinese usernames and... well, that's not an option as well IMO.

[-] Auli@lemmy.ca 4 points 2 weeks ago

Don’t know the decades of peace we have had is going to end sooner rather then latter. All the big countries are distancing themselves which is not good. When they where codependent on each other, times where stable. Now who knows it’s not going to be what we where used to though.

[-] 0x4E4F@infosec.pub 0 points 2 weeks ago

Sorry, but the US is almost certainly the main culprit here. They're loosing power in every aspect and they want to reinstate that power in every way possible. As any human being, letting go of a position of power is hard. They just can't accept the fact that someone could be better than them in capitalism then them, which the Chinese proved they can.

It served them well when they were 1st, but it's no good when someone else does it.

[-] LeFantome@programming.dev 2 points 2 weeks ago

Not just the USA. Certainly at least the EU as well. I belong to neither.

Not sure what better world you want where we are not “beholden” to laws though.

The GPL is certainly “beholden” to laws as well, including a total lack of developer freedom which I personally disagree with.

For precisely when we disagree, there have to be laws.

[-] Adanisi@lemmy.zip 4 points 2 weeks ago

By "lack of developer freedom", do you mean "lack of ability to take the freedom you got with the code away from the next person?"

Because that's the primary restriction with the GPL.

[-] JackbyDev@programming.dev 2 points 2 weeks ago

The GPL is certainly “beholden” to laws as well, including a total lack of developer freedom which I personally disagree with.

A lack of freedom from being screwed over by companies stealing your code.

[-] refalo@programming.dev 1 points 2 weeks ago

freedom TO vs freedom FROM

[-] LeFantome@programming.dev 20 points 2 weeks ago

Let’s just say this properly ok so that 70 percent of the commenters here might better understand.

Association with some of the people previously on the kernel maintainers list was putting the Linux kernel at risk. The risk was that European, American, and other users may be prohibited from using it. The risk was that entities such as the Linux Foundation could be held in contempt of sanctions and sanctioned themselves. That could mean financial damage or even a full stop to operations.

If the kernel were sanctioned, every entity, individual or company, could be put at risk.

Association with sanctioned individuals put every other maintainer at risk. Being listed together in the maintainers file put many innocent people in extreme jeopardy.

So, let’s say this properly ok…

Some of the maintainers were removed to defend the Linux kernel and the many, many entities ( individual and corporate ) that use it. They were removed to protect the other maintainers and the people and companies that they associate with.

The Linux Foundation, being American, may have been particularly at risk. But “moving” the kernel does nothing. The contributors and maintainers are still wherever they are. Linux users are equally economically dependent on the US and Europe regardless. The issue are the international sanctions. My country has issued them too ( neither American or European ). And blaming the counties that issued the sanctions, instead of blaming Russia, is a very interesting morale position to take ( not getting into that here ).

My first reaction was to have a problem with how this was done. However, once you acknowledge the association, any interaction, collaboration, or communication becomes even more problematic as you KNOW that you are working with sanctioned individuals. So, doing it simply and succinctly was probably best.

this post was submitted on 24 Oct 2024
263 points (89.7% liked)

Linux

48143 readers
757 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS