The whole point of open source was that you can see the code and the commits. We don't need to trust anybody. I feel like banning contributors is just contradicting one of the key benefits of open source.

Wouldn't it be the right thing to just improve the security and vetting of commits to the kernel? After all, it's the Linux Kernel.

Besides, the idea that employed developers with a Russian day job are a risk... but one fails to consider these were the honest ones who declared their day job. Does the threat modelling end there?

What would you do about people who... lie online about where they work? (I know it's impossible but bear with me).

I feel like properly vetting commits to the kernel that does not involve the core contributors and maintainers too much is the way to go. (Tests, dedicated resources, more time in review, commit to a staging branch and ask the world's foremost hackers to find vulnerabilities, etc)

[–] moonpiedumplings 13 points 2 weeks ago (1 children)

The whole point of open source was that you can see the code and the commits. We don’t need to trust anybody. I feel like banning contributors is just contradicting one of the key benefits of open source.

You are misunderstanding why the sanctions happened. It has nothing to do with whether or not the individuals working at those entities are trustworthy or not.

The Linux Foundation is an institute of the United States. The United States has demanded that entities within their jurisdiction, like the Linux Foundation, follow sanctions, and cut contact and interaction with sanctioned entities.

Because the Linux Foundation doesn't want to be punished or pay fines, they follow those sanctions. Nothing to do with trusting the individual contributors or corporations.

What would you do about people who… lie online about where they work?

This is probably what happened. The contributors went home, to their personal emails, and the world kept spinning and no one looked twice.

[–] agilob 6 points 2 weeks ago

Source: https://lwn.net/ml/all/CAHk-=whNGNVnYHHSXUAsWds_MoZ-iEgRMQMxZZ0z-jY4uHT+Gg@mail.gmail.com/

Ok, lots of Russian trolls out and about. It's entirely clear why the change was done, it's not getting reverted, and using multiple random anonymous accounts to try to "grass root" it by Russian troll factories isn't going to change anything. And FYI for the actual innocent bystanders who aren't troll farm accounts - the "various compliance requirements" are not just a US thing. If you haven't heard of Russian sanctions yet, you should try to read the news some day. And by "news", I don't mean Russian state-sponsored spam. As to sending me a revert patch - please use whatever mush you call brains. I'm Finnish. Did you think I'd be supporting Russian aggression? Apparently it's not just lack of real news, it's lack of history knowledge too. Linus

load more comments (1 replies)