Сферический ВК в вакуумеmy take on recent regrettable events in the #linux kernel community. https://laforge.gnumonks.org/blog/20241025-linux-maintainers-russian/
 33 comments
@LaF0rge Thanks, Harald, for this perceptive analysis! While "There IS no politics in Open Source" (said by one of the core kernel maintainers many years ago) was always meant ironical, the issue shows how far daytime reality has moved away from the fundamental rights and values, as written down in the Open Source definition, UN Charta, Grundgesetz and other constitutional documents. For me it shows clearly that it is really time to take side of those fundamentals in a more energic way. @LaF0rge hmm consider: employee might do contributions on company time, working on things important to said company. if the company is engaging in support of warcrimes or whatever, I think it is valid to restrict contributions from said employee. Personally I don't want any company in the "defense" industry to do with anything in my software stack. I think their morals are rotten and I do not trust them to make decisions, as their objectives stray too far from my own. @maris what I fail to see is any evidence. Where is the public record that shows the detailed analysis for each of the removed entries? Like "Joe Doe is currently an employee of Evilcorp [as seen in this LinkedIn profile], the company is listed in this (linked) version of that embargo list". That could all go into the commit message of that one removal. Like it was done, it appears more like people having a mail.ru account were removed because they use that email provider... @wonka samsung is a conglomerate with multiple departments (some of which you probably should exclude), redhat is a huge consulting company with customers distributed in all sectors. a company like Rheinmetall or anduril should definitely be excluded. no second thoughts. @LaF0rge The law makes no distinction between employees of banned companies working on their own time versus on company time. That's the legal basis of the move. And frankly, I wouldn't want that distinction. The companies on the list are there for a reason: they're the ones building the tech used to commit the war crimes. The drones and missiles used run Linux. They can, b/c it's FOSS. But allowing the same people who make the weapons killing Ukrainians participate in our communities is on us. @AdrianVovk again I'm not seeing the chain of evidence in that commit. If I find something that violates a technical spec, then my commitlog would contain a reference to which specific section of which spec says what. Why not have the same level of commit log quality here? Why are we satisfied with "some undisclosed lawyer gave advice to do this" as follow up to an email thread... @LaF0rge @AdrianVovk At least if the lawyer wasn't allowing them to say it, then at least it could have said that, something like 'Our lawyers are telling us...but aren't allowing us to give details, we're working on it.' type of thing would have been much better. @LaF0rge Companies pay their employees to contribute to FOSS if and only if it benefits the companies in some way. Russian defense contractors don't contribute to Linux out of the goodness of their hearts. Letting them keep contributing means they keep benefiting The people that work for these companies but contribute in their free time don't have my sympathy too. Their day job is still building the tools to kill innocent people, and if all that costs them is their hobby then they got off easy @AdrianVovk the freedom of FOSS is the freedom to use it for any purpose. I never really liked that, but licenses that would discriminate against certain use cases [like military] are neither compliant to free software definition nor open source definition. For decades that was the mantra. @LaF0rge @AdrianVovk That is still the mantra and why they don't censor Palantir, Rheinmetall, Lockheed ... @larsmb @AdrianVovk do you have any references to laws that prevent the public debate about sanctions? Since when can we not debate and question or even challenge public policy? @LaF0rge @AdrianVovk Sure, we can and should. But I don't see that as a decision the LF and its associates could have done any different, given that they're bound by law. @LaF0rge @AdrianVovk And very few orgs indeed will come clean with "well the government asked us to so we can continue to get their money". (I need to add a disclaimer here that this is my very personal take, not representative of or informed by my employer, where I'm not in the loop about such decisions anyway.) @larsmb @AdrianVovk In a better world, LF should exist to serve the Linux kernel development community, and not the other way around. And I guess it should rather be registered in Geneva, next to the ITU and other international organizations. @LaF0rge The freedom to use for any purpose is not the same as the freedom to participate in development. @czero @AdrianVovk @LaF0rge While individual contributors might decide to contribute to a free software project "out of the goodness of their heart", no commercial entity, whatever their business actually does. (defense or other sector, no matter) Rather, they see the positive potential of utilizing the combined efforts of other developers as well as their own in maintaining and improving whatever it is they make their money from. @LaF0rge this is a symptom of corporate takeover of Linux. No sanctions target Linus or the foundation directly, but American companies seemingly want to avoid toxic association with sanctioned Russian companies. The common people suffer when powerful people fight.  @dg3hda I believe pretty much any intelligence service of any country has the power to "nudge" anyone either way - if they'd really want to. And who says that there aren't various "sleeper maintainers" under false English names and gmail.com email addresses in the MAINTAINERS file... I think this is all security theater.  @LaF0rge I largely concur with your opinion, except for this bit: “[…] passport, their employer or their place of residence” Ignoring the whole Linux clusterfuck for a moment, why do you feel like employer should be a protected category? My feelings: We must not discriminate against properties one can’t control. Usually who you work for is something you can control. If one works for a company I deem sus, why should I not extend that judgement to it’s employees that freely choose to associate? @ronya I don't really see how the employer matters *except* in cases where the maintained code is something that employer has instructed the developer to submit (like a device driver of a device made by said employer). Developers are not some kind of zombie/property/droid owned by their employer. I would find it an insult if I was reduced to that role/hat. Maybe it's different in today's corporate Linus world. When I grew up people were kernel hackers first, no matter who happened to employ them @LaF0rge In regard to the merits of their patches and this whole Linux compliance & complacency fuckup : Ack. However, your blog sounds like you find it morally problematic to break ties with people based on their choice of employer. Why is that? Why should $community not say: "Your day job stands for something incompatible with our communities values. Hence, you are not welcome here, even though you have merit." Is that really what you are saying, or am I misunderstanding that part?  @LaF0rge Should you as a German resident have been excluded from contributing to some tech project developed by the Allies, if it were 1942 now? Or vice versa, having some American resident excluded from his contribution to developing, e.g. Enigma machine, used by Germans? How about contributions from a murderer, ReiserFS anyone? It is not about someone’s past, the war is raging right now, for fucks sake! If morals mean nothing to you, at least consider security. |
@LaF0rge