my take on recent regrettable events in the #linux kernel community. https://laforge.gnumonks.org/blog/20241025-linux-maintainers-russian/

@LaF0rge Thanks, Harald, for this perceptive analysis! While "There IS no politics in Open Source" (said by one of the core kernel maintainers many years ago) was always meant ironical, the issue shows how far daytime reality has moved away from the fundamental rights and values, as written down in the Open Source definition, UN Charta, Grundgesetz and other constitutional documents. For me it shows clearly that it is really time to take side of those fundamentals in a more energic way.

@LaF0rge Companies pay their employees to contribute to FOSS if and only if it benefits the companies in some way. Russian defense contractors don't contribute to Linux out of the goodness of their hearts. Letting them keep contributing means they keep benefiting

The people that work for these companies but contribute in their free time don't have my sympathy too. Their day job is still building the tools to kill innocent people, and if all that costs them is their hobby then they got off easy

@AdrianVovk the freedom of FOSS is the freedom to use it for any purpose. I never really liked that, but licenses that would discriminate against certain use cases [like military] are neither compliant to free software definition nor open source definition. For decades that was the mantra.

@LaF0rge The law makes no distinction between employees of banned companies working on their own time versus on company time. That's the legal basis of the move.

And frankly, I wouldn't want that distinction. The companies on the list are there for a reason: they're the ones building the tech used to commit the war crimes. The drones and missiles used run Linux. They can, b/c it's FOSS. But allowing the same people who make the weapons killing Ukrainians participate in our communities is on us.

@AdrianVovk again I'm not seeing the chain of evidence in that commit. If I find something that violates a technical spec, then my commitlog would contain a reference to which specific section of which spec says what. Why not have the same level of commit log quality here? Why are we satisfied with "some undisclosed lawyer gave advice to do this" as follow up to an email thread...

@LaF0rge this is a symptom of corporate takeover of Linux. No sanctions target Linus or the foundation directly, but American companies seemingly want to avoid toxic association with sanctioned Russian companies.

The common people suffer when powerful people fight.

@LaF0rge @AdrianVovk That is still the mantra and why they don't censor Palantir, Rheinmetall, Lockheed ...
The US and the EU are flexing their weight (not just when it comes to warmonger Russia), and organizations are legally required to comply and won't - can't, really - be publicly discussed.
And of course it's, in many ways, hypocritical. (And impacts individuals negatively at least, like all sanctions.)
But the OSS world can't escape Conway's Law.

@ronya I don't really see how the employer matters *except* in cases where the maintained code is something that employer has instructed the developer to submit (like a device driver of a device made by said employer). Developers are not some kind of zombie/property/droid owned by their employer. I would find it an insult if I was reduced to that role/hat. Maybe it's different in today's corporate Linus world. When I grew up people were kernel hackers first, no matter who happened to employ them

@ronya I think a peoject/community could of course have such a policy / determination, yes. But then I didn't see any such decision-building or policy with some consensus before this incident. My apologies if I missed it. I also didn't see any reporting on adressing the affected developers.

@larsmb @AdrianVovk do you have any references to laws that prevent the public debate about sanctions? Since when can we not debate and question or even challenge public policy?

@LaF0rge @AdrianVovk At least if the lawyer wasn't allowing them to say it, then at least it could have said that, something like 'Our lawyers are telling us...but aren't allowing us to give details, we're working on it.' type of thing would have been much better.
I disagree with you over the companies/individual thing though - the mailmap translates between addresses, and when working for companies developers normally say - the copyrights they use are normally company not personal.

@LaF0rge @AdrianVovk Sure, we can and should. But I don't see that as a decision the LF and its associates could have done any different, given that they're bound by law.
What I meant is that no business will publicly discuss their reasoning behind this. The legal departments would throw a fit.
I'd love for sanctions to have FLOSS exemptions, but I'm not sure how realistic that is.

@LaF0rge @AdrianVovk And very few orgs indeed will come clean with "well the government asked us to so we can continue to get their money".
Some countries (Australia, US?) have actual secrecy laws IIRC.

(I need to add a disclaimer here that this is my very personal take, not representative of or informed by my employer, where I'm not in the loop about such decisions anyway.)

@AdrianVovk @LaF0rge

>Russian defense contractors don't contribute to Linux out of the goodness of their hearts

1. citation needed

2. can we stop this "defense contractor" bs? Baikal produced some MIPS and ARM-based SoCs for internal market, including SOHO segment. Russian MoD bought some of these, just like any other customer, and that's about it. *Real* Russian defense contractors operate under very strict NDAs and they would never ever make their efforts public. Let alone public for American NGO aka Linux Foundation, they'd be prosecuted for that.

3. this particular developer got his maintainer's status not for his Baikal upstreaming work but for volunteering work on projects unrelated to his employer and in his free time. This is pretty clearly described in his LKML post, which you apparently skipped (but decided to make judgements anyway)

@LaF0rge did you think about the protection this gives to russian maintainers? Russia might nudge or force those maintainers to do something for its hybrid, low level war. They are no longer a target for this.

@dg3hda I believe pretty much any intelligence service of any country has the power to "nudge" anyone either way - if they'd really want to. And who says that there aren't various "sleeper maintainers" under false English names and gmail.com email addresses in the MAINTANERS file... I think this is all security theater.

@dg3hda @LaF0rge "fun" fact: contributing to Linux is technically a crime in Russia

@cybertailor @dg3hda any pointers / backtround regarding that claim ("contributing to linux is technically a crime in Russia")? Not a rhethorical question, just being curious.

@larsmb @AdrianVovk In a better world, LF should exist to serve the Linux kernel development community, and not the other way around. And I guess it should rather be registered in Geneva, next to the ITU and other international organizations.

@czero @AdrianVovk @LaF0rge While individual contributors might decide to contribute to a free software project "out of the goodness of their heart", no commercial entity, whatever their business actually does. (defense or other sector, no matter)

Rather, they see the positive potential of utilizing the combined efforts of other developers as well as their own in maintaining and improving whatever it is they make their money from.

@LaF0rge Well, Switzerland also sanctions Russia.

Getting supranational status for a FLOSS org and its contributors including a certain level of diplomatic immunity seems, uhm, highly ambitious?

Kernel.org is also a 501(c)3 organization and likely (IANAL) subject to similar requirements.

The whole point of these sanctions is to be, uh, an imposition on the target countries, including their citizens.

I'm really not sure what anyone was expecting in a world where nations are a thing (still)?

@larsmb The quetsion IMHO is less whether there are sanctions against Russia[n entities], but whether those sanctions really prevent the kind of collaboration you see in FOSS projects like the Linux kernel. I fully understand sanctions in the traditonal trade sanctions sense if there was any payment or other transfer of funds for services/goods.

@LaF0rge This is exactly how I feel too, plus honestly, Linus’s response was a real letdown since I've always seen him as a bit of a role model.

Just to be clear, I'm not strongly against the removal itself, I get that it’s important to protect developers and the infrastructure from legal headaches. But it’s the way it was handled that bothers me, and I know I’m not the only one who feels this way.

Within my own circle, this whole thing has left the Linux Kernel's reputation pretty dented, which I hate to see. That’s why I've been so vocal, whether it’s commenting on the original patch [1], replying to Serge’s farewell letter [2], or even starting another thread that, yes, stirred up a bit of a heated debate [3]. I was just hoping something positive might come out of it to help fix the damage. Some people have painted me as a troublemaker, which wasn’t the aim at all, but I really do appreciate everyone who’s backed me, both on and off the list.

[1]: https://lore.kernel.org/all/418359de-e084-47f9-9090-7980e41661e0@flygoat.com/
[2]: https://lore.kernel.org/linux-mips/2f203b14-be13-4eef-bcb1-743dd9e9e9bd@app.fastmail.com/
[3]: https://lore.kernel.org/all/73b8017b-fce9-4cb1-be48-fc8085f1c276@app.fastmail.com/

RE: https://chaos.social/@LaF0rge/113371797274216525

@LaF0rge the problem with your analysis is that while we may understand how a community works, the Treasury (sanctions enforcer) doesn't. It operates on the assumption that employees always act at the direction of their employer, and that every organization behaves like a corporation.

@jejb well, then it seems there is a need for discussion/education/explanation. I presume that is underway in parallel. Still, it doesn't explain the "style", lack of commitlog details, ... also Linus' response?!? - I really do not think [and could not have imagined] this is how Linux kernel co-maintainers treat each other. I'm no longer involved, so I didn't want to weigh in on lkml. But if I see something that just feels so utterly wrong on all levels, I had to express it in some way elsewhere

@jejb it's something the current community of Linux kernel maintainers has to figure out. If they are fine with that way/stylr of implementing something like this, so be it. I was literally emotionally devastated for two days by it *despite* being more than a decade away from kernel work. You can ask my wife in Tokyo in two days, I'm not kidding :/

@LaF0rge I tried to begin the explanation here

https://lore.kernel.org/all/e7d548a7fc835f9f3c9cb2e5ed97dfdfa164813f.camel@HansenPartnership.com/

But I'm a bit hamstrung because the legal document isn't yet public

@LaF0rge hey, if you're going to the compliance summit that's great news! see you soon.

@jejb yeah, I'll be at the Open Compliance Summit in Tokyo the next two days. Taking a flight later today from a brief visit in Taipei. Looking forward to seeing you there!

@LaF0rge @bagder

Sanctions enforcement is not a joke, and there is a reason even chinese banks comply with cutting russians off.

Going with your analogy, if hypothetically a non-NATO member Germany would start a war and others would sanction Germany, you as a german developer would rightly get removed from kernel maintainers lists. This is how sanctions work.

I can’t believe this is controversial, programmers are attempting international law and failing again.

@szbalint @LaF0rge I would still expect (and ask for) transparency

@LaF0rge What I also find bizarre is that file is effectively a public record and recognition for efforts provided. How could a legal sanction prohibit such a statement? It's effectively a statement of fact. Can a sanction go as far as to simply erase a person's bona-fide contribution to something?

@proactiveservices Sorry, I think you are mixing CREDITS (recognition) with MAINTAINERS (responsibilities/points of contact)

@LaF0rge As a German: Yes. If it's 1942 and you found someone working at Thyssen or something contributing to the Linux kernel, you should absolutely kick them out. Some of our current problems are due to Nazis not getting kicked out vehemently enough after the war.

The naivete of your comparisons makes me a bit angry TBQH. Russia is actively fighting an unjust war today - including in the information sphere. Germany hasn't been doing that for 80 years.