• 1 Post
  • 28 Comments
Joined 7 months ago
Cake day: May 17th, 2024

  • This isn’t about them being kicked out, this is about the fact we don’t know the process that resulted in this. Was this a decision Linus made after a night coding and thinking about the world? Was the foundation ordered to do it?

    It lacks transparency into the process even if the outcome is fine and the way it was done doesn’t feel transparent, even if it makes sense not to include Russian coders in the project.


  • These projects are so big and complex that even with open-code a malicious actor is sometimes able to insert damaging code. Who suddenly made this decision? Did the US government order them to do this? If the US government can order them to do this, can they order the elevated coding status of a “benevolent” contributor on the US government payroll who is then ordered to put in a very hard to detect exploit? Open code doesn’t mean exploit free, it means exploits are more likely to be patched.



  • It would be much better if the company were not in a place in which gag orders can be issued, leaving questions as to transparency.

    As it stands now, it isn’t clear if Linus is just “grouchy” about this with a unique personality or if the foundation got an NSL and can’t say anything. And that leads to questions about whether there were other NSLs other than this one and if it’s had an impact on the code.

    Exploits are so hard to detect sometimes if done well and often although they get patched… eventually… the damage is done prior to the patch. The US government, despite doing lots of good things, engages in torture. And even if the US government is the “good guy,” this leads to less trust in the open-source ecosystem, no matter what the justification.


  • But seriously, Linus’s comment regarding this was… just… I have no words… he basically put every Russian in the same basket, called them trolls

    There are a huge number of online Russian trolls. That part of his response was not hyperbolic. They do have troll factories there to influence public opinion.

    The problem is this still leads to questions about transparency about the project in general and how this decision was made and whether it was made by those involved in the project or was an order from the US government.


  • Yes, these are exactly my same thoughts.

    This is terrifying.

    I don’t like what the Russian government is doing and Putin is cruel and evil, albeit intelligent (which makes him even more terrible).

    That being said, in the US, government agencies can order a company to do certain things, put in certain code, or whatever and then issue a gag order as part of that preventing disclosure. And although there’s a limit to how much that can screw over open-source software users, we do not know what exploits nation-states have, we don’t know what backdoors are in different chipsets or closed-source firmware.

    If a developer writing open source code can be blacklisted so easily without transparency into the process, it suggests the company is being ordered to do certain things and not disclose them by the US government, which is a government that still engages in torture.

    Notice how they are not coming out and saying “We were not ordered to do this by any government agency.”

    Could the foundation be forced to elevate a developer with government ties who then is able to “accidentally” put in an extremely hard to detect exploit into Linux that won’t be detected at first and only patched later?

    I really wish companies associated with Linux were not in a country that lacked transparency with government regulations and in which gag orders were not possible.