Rich Freeman via plug on 24 Oct 2024 12:33:43 -0700



Re: [PLUG] Torvalds boots Russian kernel maintainers


On Thu, Oct 24, 2024 at 1:14 PM K.S. Bhaskar via plug
<plug@lists.phillylinux.org> wrote:
>
> I thought one of the aspects of open source is that the code matters
> more than the coders. I would like to understand why the Russian
> coders were removed. If the concern was backdoors in their code,
> one would hope that any commits to the kernel are vetted by enough
> eyeballs. If the concern was about intellectual property in their
> code, there are safeguards against that. Or was it political? If that
> last, it doesn't make sense because good code is good code, and bad
> code is bad code, regardless of who writes the code.
>

The obvious argument is sanctions, but it is a bit hard to see how
accepting somebody's donation is providing them a benefit under those
laws - I'm not a lawyer, however.  Sanctions are an area of growing
risk since they're increasingly being applied to what used to be
ordinary commerce, and of course Russia/China/Iran are politically
sensitive in the US right now.

I don't see how it improves security.  We could only be so lucky as to
have malware from the PLA/CIA/whoever exclusively submitted from
obvious government/country-associated email addresses.  I can't
imagine that any intelligence agency would have difficulty obtaining a
gmail account.

Linux has tended to apply security theater in this way in the past
though.  They banned a university because they disclosed that they had
been intentionally submitting bugs to see if they would be detected.
Note that they weren't banned UNTIL they disclosed what they were
doing, which kinda suggests that if they had just kept doing it
quietly nobody would have done anything to stop it.  They were even
being a bit obvious about it, probably since it was a research project
and it wasn't so much about getting away with something as seeing how
much they could get away with.

Honestly, this is kinda why I think ESR is right about needing to
eliminate dependencies on hosted services to operate FOSS projects
(like github/etc).  The trend seems to be increasingly towards
everybody having to choose a side and if we're banning .ru domains
today, I'm sure we'll be banning other suffixes in the future.  The
world population is pretty evenly split across these loose political
alliances, though historically the US-aligned countries have tended to
host most of the FOSS.  If we start seeing more
India/Brazil/whatever-based alternatives to Gitlab/Github/AWS and such
that wouldn't be a bad thing.

I think we're a long way from the time when FOSS advocates were doing
things like printing PGP in a book and daring somebody to file ITAR
charges.

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug