About a dozen developers based in Russia have been removed in a commit by Greg Kroah-Hartman to the Linux Kernel MAINTAINERS file, Phoronix reports: https://www.phoronix.com/news/Russian-Linux-Maintainers-Drop. The reason given for the removal is vague: "Remove some entries due to various compliance requirements."
Controversial Linux VLogger Bryan Lunduke reports that this has happened due to US presidential executive order 14071, which sanctions IT collaborations with Russian residents (https://www.youtube.com/watch?v=L5Ec5jrpLVk).
Linus himself backed the actions, The Register quotes him with "I'm Finnish. Did you think I'd be *supporting* Russian aggression?" https://www.theregister.com/2024/10/23/linus_torvalds_affirms_expulsion_of/
This will likely have far reaching consequences, going vastly beyond the Linux kernel, with any FLOSS organization in the US or under direct US influence having to ban Russian contributors before the end of the year.
(Score: 3, Insightful) by JoeMerchant on Saturday October 26, @03:08AM (2 children)
We made a Finnish friend when we lived in Houston, 20 years ago.
She's back in Vantaa now, running a couple of McDonalds - because she enjoyed working in them when she was a young girl.
Her comment on Russia last we saw her, about 8 years ago: "Putin is insane, mostly hot air but you never know when he will actually do one of the crazy things he says. Very scary to live next to."
Good thing certain other insane politicians won't be living to 2036:
🌻🌻🌻 [google.com]
(Score: 4, Insightful) by Anonymous Coward on Saturday October 26, @04:26AM
If he's still around in 2035 there will be another constitutional amendment to give him a few more terms.
(Score: 0) by Anonymous Coward on Monday October 28, @01:09AM
I'm eagerly awaiting the commit to remove US-based maintainers for the invasion of Iraq, Afghanistan, that dumpster fire in Vietnam, the bombing of Hiroshima and Nagasaki, the shit they did in Panama and the rest of South America, the smuggling of weapons across the border in to Mexico that killed a border patrol agent, the drone-strike on a wedding party, near extermination of native american tribes, and about 1,000 other incidents where they meddled in other people's lands.
Maybe we should just ban all maintainers everywhere because whatever country they happen to have been born is in evil, stupid, and bad. Yeah...that's it. Don't develop good software...just be political. Always.
(Score: 3, Insightful) by Anonymous Coward on Saturday October 26, @05:24AM (10 children)
Anyone willing to fork a non-political kernel? Or will the idea of FLOSS go up in smoke?
(Score: 2) by HiThere on Saturday October 26, @05:48AM (4 children)
Where are you going to host it? Perhaps New Zealand? When cryptography was a "munition", Europe was willing to host the FOSS code, but the world has gotten smaller and more interconnected. And neither the Moon nor Mars is ready,
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 0) by Anonymous Coward on Saturday October 26, @06:00AM
*sigh* I guess it's hopeless. Looks like we're doomed.
(Score: 2) by ls671 on Saturday October 26, @07:11AM
Host it in a container in the middle of the ocean and have your own cube satellite for transfers?
Everything I write is lies, including this sentence.
(Score: 4, Insightful) by Unixnut on Saturday October 26, @08:54AM
It is a tricky situation. In the past business (and the general public) was kept separate from politics. This includes even during large conflicts like WWII when countries on opposite sides would trade and do business with each other despite fighting on the battlegrounds.
Yet in the last 10-15 years there has been an increasing politisation not only of business, but of every facet of life in "The West", hence the rise of cancel-culture with businesses and individuals discriminating based on another individuals personal politics. That was bad enough for the disruption and further polarisation it was causing (especially in the USA from what I see, where its reaching a serious level of dysfunction) but it has been extended to discriminating based on the country where that individual is from rather than their personal public opinions.
I mean, if everyone behaved that way all international collaboration would cease. Some ban Russians due to what Russia does, others ban Israelis for what Israel does, some ban all the EU/NATO countries for what they do, and before you know it its basically impossible to do any cross border collaboration with anyone.
For me at least, I don't feel having the world collapse into fractured pieces unable to collaborate is better than the previous system, especially as that is usually the first step towards those pieces not being able to peacefully coexist with each other in other ways.
(Score: 2) by Nuke on Saturday October 26, @12:21PM
How about Tuvalu. They host anything.
(Score: 2) by fraxinus-tree on Saturday October 26, @07:00AM (1 child)
We do have a non-political kernel. It is called Linux kernel. Russians are out clearly not because of politics.
(Score: 4, Touché) by Anonymous Coward on Saturday October 26, @08:51PM
You are wrong. Cutting people off just because they are Russian is pure politics. Same principle used to rationalize creation of the Japanese/American internment camps.
(Score: 4, Touché) by shrewdsheep on Saturday October 26, @10:55AM
NP-FLOSS is NP-hard.
(Score: 1, Funny) by Anonymous Coward on Saturday October 26, @04:26PM (1 child)
Do it yourself Putler's troll.
---
Slava Ukraini! Slay the orcs!
(Score: 0) by Anonymous Coward on Saturday October 26, @09:44PM
Heh, you monkeys are a great reminder of the old McCarthy days.
(Score: 5, Interesting) by RamiK on Saturday October 26, @08:20AM (17 children)
I did some couch lawyer'ing and it does indeed seem like it's not enough to just remove them from the Maintainers list but outright ban them. Specifically, the 14071 [federalregister.gov] clause that states "the exportation, reexportation, sale, or supply, directly or indirectly, from the United States, or by a United States person, wherever located, of any category of services as may be determined by the Secretary of the Treasury, in consultation with the Secretary of State, to any person located in the Russian Federation" (emphasis mine) seems to have been triggered when the Secretary of Treasury expanded the list of banned services in June which have just taken into effect:
( https://ofac.treasury.gov/faqs/added/2023-05-19 [treasury.gov] )
They also link an FAQ with examples of what kind of services are covered which kinda spells out software development:
( https://ofac.treasury.gov/faqs/1187 [treasury.gov] )
The thing is, if the treasury now considers voluntary, unpaid code contributions as transactions of services, shouldn't they be declared as deductibles or taxed in some way? And where would that leave academic publications? Smells like this one is headed to court.
compiling...
(Score: 5, Informative) by janrinok on Saturday October 26, @09:03AM (3 children)
Linus Torvalds Comments On The Russian Linux Maintainers Being Delisted [phoronix.com]
https://www.theregister.com/2024/10/23/linus_torvalds_affirms_expulsion [theregister.com]
There has been several updates to the original story. It seems that legal advice has been/is being sought but that US law has to be complied with.
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 2) by janrinok on Saturday October 26, @09:08AM
* there have been
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 2) by RamiK on Saturday October 26, @11:10AM
While the the update gives an example of a specific instance of an employee working for a company named on a black list which suggesting only that's at play, not only does it also mentions there's different sanctions affecting different entities, I sincerely doubt companies won't be able to just let go of the developers and then sub-contract them to submit the patches for them so to avoid such black lists. So, eventually, I suspect the regulator will put the wider services category bans into effect if it hasn't already.
compiling...
(Score: 3, Interesting) by Reziac on Sunday October 27, @02:36AM
Well, here's a question. Okay, I see the legal problem, if linux is to continue being developed within the reach of US law.
But... what other countries are affected?? Seems to me it could be declared "munitions" and subject to the same restrictions, as I vaguely recall has happened with other software.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 3, Insightful) by janrinok on Saturday October 26, @09:07AM (6 children)
It seems that legally, allowing Russia (and any other potential aggressor) to directly modify or influence the modification of the kernel could be interpreted as 'providing technical assistance' to them. Doing so would be contrary to US law currently. This is still much legal debate to come...
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 2) by janrinok on Saturday October 26, @10:18AM (5 children)
This is particularly pertinent because it allows Russia to use the Baikal CPU to run linux.
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 3, Interesting) by Unixnut on Saturday October 26, @11:28AM (4 children)
I don't see how this would stop them? Worst case scenario is they fork the Kernel and add their patches for local CPUs while tracking upstream changes.
(Score: 2) by janrinok on Saturday October 26, @03:56PM (3 children)
I didn't suggest that it would stop them. But anyone aiding them who was subject to US law might still be guilty of 'providing technical assistance'. The Baikal CPU is being used in many of their drones and 'smart' weapons.
Of course it can be forked. But, even if they should follow that path, they will not find the same support from many other kernel contributors. I don't think that Torvalds or any other maintainers have done this without having been told the legal possibilities of their actions - several of the sources have suggested that this is, indeed, what has prompted the ban.
Another thing that has occurred to me is that there are plenty of US businesses who would love an excuse to clip linux's wings, or even have it declared illegal, or perhaps have key players dragged through the courts charged with providing technical assistance to a potential or actual enemy. Microsoft springs to immediate mind but there are plenty of others. This is entirely speculative, but we have seen similar attempts over the last 20 years of more.
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 3, Interesting) by Unixnut on Saturday October 26, @04:12PM (2 children)
Well ok, but if Baikal is an indigenous development then it is not subject to US law. Sure no one subject to US law can provide technical assistance to the development of the CPU, but I don't see what that has to do with the Linux kernel?
Well, I doubt anyone was giving them support beforehand for a CPU architecture nobody outside of Russia uses? If they fork the Kernel they only have to maintain their own patches for their CPU arch. The rest of the kernel is written in C and is portable, so if they want new kernel features they just have to pull from upstream, merge them into their fork and be on their merry way.
In many ways it seems this would negatively impact the rest of the world more than Russia because any feature improvements or benefits from those maintainers cannot be merged back into the mainline kernel.
The only way this could negatively affect Russia's use of Linux would be some kind of "Great firewall of USA", which would effectively block Russia's access to all upstream sources, then they would be forced to maintain the entire kernel stack themselves and it would diverge from mainline with time. However I don't see it likely that such a block could be implemented even if there was a will to do so.
I doubt Linus made this decision without legal consultation as well, and as the lead and founder of the Linux kernel project it is well within his rights to ban anyone from his project he so desires for any reason he wishes. They are all volunteers to the LKP anyway so it isn't like anyone can sue Linus for loss of income or unlawful termination of employment.
Interesting angle, one I have admittedly not considered. I doubt MS would do such a thing nowadays as they seem to have lost interest in full-fat OSes nowadays, and they seem to be trying a different tack with taking control of Linux rather than the legal route (which was tried with SCO way back when to no success). Dragging someone through the courts for the purpose of destroying their life (a-la Assange) is a possibility but I think it is more likely to be reserved for public figures that have influence over the masses, rather than FLOSS developers.
(Score: 2) by janrinok on Saturday October 26, @04:35PM (1 child)
The maintainers concerned are involved in integrating the Baikal drivers into the kernel amongst other things.
But it has NOTHING to do with kernel development. It is that, under current US law, anyone providing support to Russia is guilty of an offence. The is being driven either politically or mischievously in my opinion.
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 3, Interesting) by Unixnut on Sunday October 27, @07:48AM
Sorry, I thought the entire topic of conversation was to do with kernel development, specifically the banning of maintainers because of where they come from.
Hmm, I don't know the specifics of US law, but "providing support" is a really broad definition. I mean lets say hypothetically I am a US citizen and am under US law. If I make an open source project that some Russians download and make use of, could that not be considered as "providing support"?
If it is, then I can't see how anyone under US law could ever publish anything as open source, or even contribute to existing FLOSS. They could be held liable for others using it while they themselves have no control over the distribution of said software.
It is not like proprietary software where you don't provide the software unless a legal agreement is in place, in which case you can clearly see who you are selling the software to. As such I can't believe that the US law would be so counterproductive to its own interests, unless of course as you say, this is a roundabout way to effectively ban anyone in the US from developing FLOSS software (because what volunteer wants to deal with the expense and paperwork of making sure they are not in violation of sanctions).
(Score: 3, Informative) by Thexalon on Saturday October 26, @10:45AM (5 children)
I'd add here that somebody, say an intel agency, trying to sneak a subtle backdoor into FLOSS software by volunteering contributions is not an unfounded concern. It's happened several times in the last year. So frankly I'm rather understanding of the US government's position on this one.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 5, Touché) by Unixnut on Saturday October 26, @11:23AM (4 children)
I don't know, considering how many times the NSA has been suspected of sneaking backdoors in everything from FLOSS to the actual silicon, the rest of the world should avoid anything involving or connected to the USA by the same logic. Same deal with anything from China actually as well, and quite a few European countries.
Quite frankly if we go down this rabbit hole we will end up in a situation where every country has to maintain its own forks of FLOSS running own their own home grown silicon with no cross collaboration, which I don't think would help progress or be beneficial to quality of life.
(Score: 2) by Thexalon on Saturday October 26, @04:02PM (3 children)
Oh, I know full well that all governments with that kind of capability have the position of "our backdoors are good and righteous and only exist to protect Freedom (tm), but their backdoors are evil and will be used for evil."
But also, Russia has been very specifically busted doing all kinds of interesting things lately, mostly in an effort to disrupt US and European support for Ukraine. Can't blame 'em for trying as the US certainly does in similar situations, and you can decide for yourself if you think that's a good thing or a bad thing, but you can certainly understand why the US doesn't want to make it easy for them.
Another aspect of having every country with their home-grown silicon, if that indeed is the future, is that the only backdoors they'll want to sneak in there are for spying on their own people rather than spying on other country's people. Although I'm not sure to what degree they have to, since most people will give up all kinds of personal data to go catch Pokemon.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 0) by Anonymous Coward on Saturday October 26, @11:13PM (1 child)
Actually, I do blame them for killing Ukrainians and stealing their stuff, with the final goal pretty clearly being stealing all the natural gas.
(Score: 2) by Reziac on Sunday October 27, @02:42AM
Considering Russia produces about 30x as much natural gas as Ukraine, that seems a trifle petty...
https://en.wikipedia.org/wiki/List_of_countries_by_natural_gas_production [wikipedia.org]
[I believe those are prewar numbers]
https://www.worldometers.info/gas/gas-production-by-country/ [worldometers.info]
And there is no Alkibiades to come back and save us from ourselves.
(Score: 2) by Unixnut on Sunday October 27, @08:04AM
Well I can't blame them either, considering the sheer number of sanctions levied against them as well as both direct and indirect military support given to their opponents, if all they are doing in return is trying to compromise software then its actually under-responding (which is probably a good thing, had they responded symmetrically we would probably be in a global war already).
Saying that, you don't have to be in an active conflict to try to compromise and backdoor systems. I know China had the finger pointed quite a bit recently with regards to backdooring networking gear, then there was the NSA fingered for backdooring networking gear, and Israel was fingered for backdooring mobile phones (especially of politicians and people of interest). None of these countries are in an active hostilities against each other
So everyone who has the capability to do so, does it, all the time. They even do it to each others allies (I still remember the "shock" in the media when it was discovered that the NSA bugged Angela Merkels phone).
So to ban developers and maintainers not because they did anything wrong, but because of where they come from seems unethical to me, especially considering the hypocrisy of it (as if you are going to apply this ban equally, pretty much everyone from a developed nation would be banned).
Paradoxically though I think such a situation would be bad for individual freedoms. For example if every country had its own tech stack from the silicon up to things like communications and social media, it would be impossible to be a whistleblower.
You want to expose some huge crime, but you can't as your governments tech stack actively blocks you and/or spies on you to make sure you are arrested before you can do anything. You can't use another countries system because none of your countrymen have access to those systems to even read about the crime, so they remain ignorant in their bubble.
Currently all the worlds systems interoperate. Hence if you are a US whistleblower it is best if you use Chinese/Russian tech to spread your message, while if you are a Chinese/Russian whistleblower it is best if you use US systems. However that fails if you can't actually make use of foreign systems to spread your messages.
As for harvesting personal data, as you mentioned, most people will give it away freely, but there is nothing much you can do about that except try to educate people about why privacy is important.
(Score: 3, Insightful) by Nuke on Saturday October 26, @12:15PM
So did Linus just check the Yahoo news page for the first time in two and a half years?
If this comes from USA government pressure, does the USA own Linux? I thought it was supposed to be international and non-political, and would not ban contributions or usage based on politics, religion, nationality etc. If the USA is concerned about Russian input to Linux, would it not be more logical (and within its power in theory at least) to ban their own citizens from contributing to or using it?
Anyway, if we are concerned about Russan backdoors in the code, what happened to the idea of the scrutiny of open source code by many eyeballs?
(Score: 3, Informative) by Revek on Saturday October 26, @01:16PM
You can't trust anything from russia these days. The antics of the russian dictatorship keep it from being a possibility.
This page was generated by a Swarm of Roaming Elephants
(Score: 0, Interesting) by Anonymous Coward on Saturday October 26, @01:21PM (1 child)
He is so against Russian aggression and Finnish defense that he ran/moved to the other side of the world. Could he be further away and still be on the planet?
(Score: 5, Interesting) by Thexalon on Saturday October 26, @04:13PM
that as a young man, Linus chose to go through officer training in the Finnish Navy, and completed his military service a 2nd lieutenant with a specialty in artillery observation.
Finland has universal conscription, and there are lots of ways of doing your national service, but he chose to be trained in blowing up Russian stuff. And yes, it is absolutely Russia that Finland has trained to fight for at least a century, mostly due to the Winter War in 1939 where Russia tried to conquer Finland.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 2) by looorg on Saturday October 26, @01:25PM
What will this accomplish more then possibly that Astra Linux will get some more people working/developing on it then. The removal of them seems somewhat administrative and political. Almost pointless. After all it's a free product, anyone can download it. Unless they want to cut Russian from the Internet it would seem hard to cut them out of the Linux world.
It's Kernel vs Distro but still. Not sure what this will really accomplish besides filling some legal obligations.
(Score: 3, Interesting) by ShovelOperator1 on Sunday October 27, @04:11PM
Now this what happens is quite strange and looks more and more like trying to cover some bad bureaucratic order. However, it must be analyzed without any personal inclinations or we will get a flamewar. It may be hard, I'm also from a country which had negative experiences with Russia, but if it is made around a law of democratic country, we should not use emotions to process this.
Sanctions were made for a very specific task, and in fact looking at whose bombs are now dropped in Arabic countries, USA should get the sanctions too. However, the objective here is clear: To avoid helping economically the country that starts wars. Like this corporation-hated consumers boycott, but in an international deals scale.
The problem is that in the famous commit about "removing some entries", it doesn't look to be imposed on a corporate scale. Is there any law stating that ALL users from sanctioned Russian corporations have .ru mail domain? :-). While there are users that indeed, are working in Russian corporations, for other I could not find such data. And, while I haven't verified all maintainers, the commit pulled every .ru address and one at Gmail. Because everyone can make an e-mail address everywhere, this is no way definitive method to determine which is a member of a sanctioned Russian corporation and which is some hobbyist, or even someone outside of Russia that just wants a bit more anonymity and uses address in a country that is in "the other side" (the motivation for these is locating an e-mail address in a country which will not easily divulge data to the country you want to interact later, so USA-Russia, Japan-China, Germany-Belarus, France-Arabian countries are good examples). This just looks more like... some private vendetta.
The only exception I see is if the Russian e-mail provider itself is on the sanctions list. I checked a few of them - they are not.
Do we really want so much to produce ID when creating an e-mail address? What next, the government permissions for using the Internet like in some North Korea?
And... Do You see an enormous bad assumption I made here?
I included the typical assumption when someone is from outside Russia (or just made an e-mail address outside of .ru) - this maintainer stays. Probably from Russian corporation - gets ejected. This is totally OK, but only with the USA point of view. Assuming this location "buckshot" was 100% accurate, what if someone works for a sanctioned corporation, but such maintainer does totally separate things there, and makes a patch in a free time?
This is totally acceptable in the European point of view - you have a work time when you work, and you have a life including hobbies, some small projects you do, and you don't mix them or you'll get a burnout quickly. However, in the USA, it is different and it was seen a few times in the Open Source world (err err, KiCad's autorouter, err err). In mentality prevalent in the States, it looks like the employee is the property of the employer, including the time after work. I don't know how Americans would call the situation that one person is the property of the other, but in the Europe we usually call it slavery.
I also don't buy the "read the news" argument mostly because later, it looks like "everyone who does not agree with me is a Russian troll!" thought-terminating slur.
The later explanation, blaming the maintainers' employers, is literally putting a weapon into real Russian trolls' hands. Do Linux maintainers really want Russian Internet to be filled with the dubious quality information that they support slavery? Really?
There is one more, unfortunately darker alternative. If it was outside of Linus' reach to control this commit and it happened with a bureaucratic slip in the US government, it could mean, but, one more time, it needs to be thoroughly verified, that other articles of US law influence the Linux kernel development. And there are many law acts that allow to implant government backdoors into system's kernel. One of the oldest after telephones is the 1994 act with telecommunications, this seems to be used for everyone. I also read about the FISA Section 702, which allows to install backdoors, with the exclusion US citizens. But, now we already have normalized the by-domain banning of users, so why not install backdoors because... Oh, look! There is some text in foreign language there! This must be a non-US citizen!.
A few links:
- The commit with removals: https://lore.kernel.org/all/2024101835-tiptop-blip-09ed@gregkh/ [kernel.org]
- The commit with later explanation: https://lore.kernel.org/lkml/e7d548a7fc835f9f3c9cb2e5ed97dfdfa164813f.camel@HansenPartnership.com/ [kernel.org]