this post was submitted on 24 Oct 2024
1059 points (96.9% liked)
Technology
60052 readers
2809 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
In leadership, not code. That's a pretty big difference.
I also think we shouldn't have people from the NSA, CIA, or FBI as maintainers either, because they have clear conflicts of interest. That said, I think it's a lot less likely for the US government to extort a maintainer to let bad code through than the Russian government. It's much more likely for the US government to try to hide bad code in the normal review process, and I'm sure that happens w/ Russian spy agencies as well, but allowing someone in a region that has demonstrated that they're willing to strong-arm people into doing things that benefits the state (i.e. through threats or even outright force) to hold a maintainer position in a very influential piece of software isn't a great idea, especially when their government is choosing to be an international pariah.
I have zero problem with Russians contributing code to the kernel, I just think it's wise to remove Russian citizens from leadership positions to limit the impact of Russian interference in Linux development.
You are talking about hypothetical situations in the organization with around 2694 maintainers. What I find interesting, is that no one in this thread thought it would be good to check if these 11 already contributed something harmful. Instead, it's just “good, we prevented a bad thing”.
Anyway, your extreme take “ban all Russians because what if” goes much further than what happened in reality (“ban Russians working for companies under sanctions”): https://social.kernel.org/objects/860ef93c-229b-4070-8ee6-cb80d1f51337
I never said "ban all Russians," I said we should be more skeptical of allowing Russian citizens to be in leadership positions on projects like the Linux kernel, especially while their government maintains a hostile attitude toward much of the rest of the world, and thus presents a greater risk of knowingly allowing malicious code to get into the tree. That's it.
Perhaps some Russian citizens can be trusted, idk, I honestly haven't looked into exactly who the maintainers are (as you mentioned, there are a lot), or where they're domiciled. I have zero issues with Russian people in general, I just think the current political climate makes it much more difficult to trust Russian citizens on these projects. They can absolutely submit code and it'll go through the normal review process, they may just be prohibited from holding leadership roles.