this post was submitted on 23 Oct 2024
394 points (98.0% liked)

(page 2) 50 comments
[–] [email protected] 37 points 16 hours ago (4 children)

We're gonna start seeing large open source communities start to break into smaller ones because of sanctions from now on, aren't we?

[–] [email protected] 19 points 15 hours ago (2 children)

This sets such a bad precedent...

[–] [email protected] 27 points 15 hours ago (1 children)

The bad precedent was starting a war

[–] [email protected] 19 points 14 hours ago (1 children)

Yeah I'm sure the maintainers are in talks with Putin directly

[–] [email protected] 14 points 17 hours ago (1 children)

He alludes to sanctions being a factor but never clarifies on advice from his lawyers. ngl I don't like the look of it just from a transparency perspective.

[–] [email protected] 48 points 18 hours ago (2 children)

As a Finn, I understand that there are probably legal reasons for doing this.

I just wish they would be transparent and share those reasons with us. The Linux kernel is certainly not the only free software project that is impacted, if this comes straight from EU/US sanctions. Maintainers of other projects have a lot of interest in what is happening.

Transparency is also important because if EU/US policy/sanctions are causing issues for free software projects, then that discussion needs to be public, so that there is a chance to amend the policies if necessary.

[–] [email protected] 11 points 17 hours ago (4 children)

Politics should not be in FOSS development.

[–] [email protected] 6 points 14 hours ago

FOSS is inherently political though, but I guess you mean country vs country politics moreso than ideological politics.

[–] [email protected] 5 points 14 hours ago (1 children)

That is hardcore wishful thinking; the nature by which critical digital infrastructure is developed and maintained is of keen importance to political systems everywhere. This situation was inevitable with the ongoing escalation of war.

[–] [email protected] 4 points 14 hours ago* (last edited 14 hours ago)

That's why the "should be" I guess, though that's not to say there aren't idiots (right in this thread too) actually shilling for this.

If current open source licenses still have flaws like this, we're gonna need new ones.

[–] [email protected] 2 points 19 hours ago

fremdscham++ 😬

[–] [email protected] 2 points 19 hours ago* (last edited 19 hours ago) (3 children)

Hm, I never coded a line in my life, but I always wondered, so honest question to the experts here: is it realistic that someone codes security back doors so hidden in other bad or wrongly documented code that nobody recognizes it in the OSS community? I mean, code is getting more complicated and specialized; don't you need more and more human resources (more than one person, and hopefully not all with bad intentions) to check over that code? If I'm correct, you shouldn't let more code into your software than the community is able to check and validate several times... Doesn't mean it has to be Russians that need to be excluded, idk.

[–] [email protected] 1 points 18 hours ago (1 children)

Interesting answers, thanks!

[–] [email protected] 15 points 18 hours ago

Yes, not only is it realistic, it has actually happened. It's easier to write code than understand it. Even when reviewing code, you miss more or less obvious issues. Not to mention intentional vulnerabilities that can be sneaked in over multiple commits and a time span long enough to make reviewers forget the larger context.

[–] [email protected] 4 points 19 hours ago

There will be a million security issues across all OSS. Some of it will be intentional; if so definitely don’t expect it to be a “findable” back door. It will be a set of vulnerabilities across several projects, that when combined allow the perpetrators privilege-escalations or a known path through a security system. Removing “Russians” from contribution doesn’t actually stop that, everyone can use a VPN and work as an American or whatever, but it does send a signal.
