I for one am going through quite a culture shock. I always assumed the nature of FOSS software made it immune to be confined within the policies of nations; I guess if one day the government of USA starts to think that its a security concers for china to use and contribute to core opensource software created by its citizens or based in their boundaries, they might strongarm FOSS communities and projects to make their software exclude them in someway or worse declare GPL software a threat to national security.

  • aaaaaaadjsf [he/him, comrade/them]
    ·
    edit-2
    26 days ago

    It just shows how hypocritical and Western biased the community is. Are Israeli and US maintainers ever going to get kicked out of projects for their countries many crimes? No of course not, they would never apply their own standards to themselves, which defeats the point of them in the first place.

  • Max-P@lemmy.max-p.me
    ·
    26 days ago

    Those kinds of problems aren't particularly new (PGP comes to mind as an example back when you couldn't export it out of the US), but it's a reminder that a lot of open-source comes from the US and Europe and is subject to western nation's will. The US is also apparently thinks China is "stealing" RISC-V.

    To me that goes against the spirit of open-source, where where you come from and who you are shouldn't matter, because the code is by the people for the people and no money is exchanged. It's already out there in the open, it's not like it will stop the enemy from using the code. What's also silly about this is if the those people were contributing anonymously under a fake or generic name, nothing would have happened.

    The Internet got ruined when Facebook normalized/enforced using your real identity online.

  • geneva_convenience@lemmy.ml
    ·
    edit-2
    26 days ago

    Yes. There is an extremely arbitrary distinction made between the USA and Russia. Both are known for injecting spyware. China is somehow still okay? It makes no sense.

    Not to mention the elephant in the room by not banning another certain country actively committing war crimes.

    All software should be safety checked. Where the maintainer is from should be irrelevant.

    But the most weird aspect is the timing. Why now and not a few years ago?

    • DigitalDilemma@lemmy.ml
      ·
      25 days ago

      China is somehow still okay?

      China is too important a supplier to the West. Sanctions against them would lead to retaliatory sanctions against the West from China which would be economically devastating.

      Obviously they are just as dangerous and as actively involved is espionage as the other world players, but they hold too many cards to risk escalation. The West is also too important to their economy to escalate beyond war games. At least - we all hope so.

  • communism@lemmy.ml
    ·
    26 days ago

    Not really, open source projects don't necessarily have to be open to all contributors and I was aware of this already. They have to be open to anyone doing what they want with the code, by definition, which is good, but they don't have to allow everyone to contribute to upstream. I'm not sure if there's any particular defence against this being used in a discriminatory manner, but I do think this effect is significantly mitigated by the decentralised nature of open source and the fact that it's not too uncommon for forks to become preferred over the original, the fact that open source projects rise and fall in popularity, etc.

    I wonder if there's some way to manage an open source project so that it's not subject to particular national laws in this way.

  • Eugenia@lemmy.ml
    ·
    26 days ago

    Well, in theory open source is immune to all that. However, the country a project is registered at, matters. That's why the RISC-V project, for example, took its headquarters from the US to Switzerland. For that exact reason: so no country could strong arm it, especially since Chinese were the major contributors to the project (Switzerland is not 100% neutral, but it's more neutral than other countries).

  • DoubleChad@lemmy.ml
    ·
    26 days ago

    Just this one. The philosophy is still there, Linus and TLF have abandoned it with great hubris. I am very disappointed in them.

  • CommanderCloon@lemmy.ml
    ·
    26 days ago

    This shows that no open-source project can really be directed from the US, or if they are then a fork should exist and be maintained by BRICS citizens who are obviously viewed as lesser, at least in the Linux project.

  • notTheCat@lemmy.ml
    ·
    26 days ago

    Yes, bad actors can exist everywhere, it doesn't really help anything but fragment the project and harm it, do we need multiple directed forks ? Fuck no it will be best if everyone can monitor and contribute, I kind of think of it as they do peer reviewing in research and shit, it's always better when more people can view it, that will leave less room for biasing and frankly detect bad actors easily

  • CanadaPlus@lemmy.sdf.org
    ·
    edit-2
    26 days ago

    What happened this time?

    Edit, answered elsewhere:

    Recently, Linux removed several people from their organization that have Russian email addresses. Linus made a statement that confirmed this was done intentionally. I believe that there was some mention of following sanctions on Russia due to the war. I haven’t looked into the details of it all, so take my analysis with a grain of salt. From what I understand, it sounded like it was only Russian maintainers that were removed and normal users submitting code from Russia can still contribute. Maintainers have elevated permissions and can control what code gets accepted into a project, meaning that a bad actor could allow some malicious code to sneak past. This may have also contributed to the decision since this type of attack has happened before and Russia seems like a likely culprit. The reactions to this change have been varied. Some people feel it is somewhat justified or reasonable, some people think that it means it is no longer open source, and some people think it is unfairly punishing Russian civilians (it is worth noting that that is part of the point of sanctions).

  • Dr_Vindaloo@lemmy.ml
    ·
    26 days ago

    Yes. I always thought of sanctions as being finance-related, meaning you can't transact with sanctioned groups. I figured it couldn't apply to decision-making/membership in non-profit organizations (that it might somehow violate "free speech" or some shit). Finding out this is not the case is terrifying and one more reason to hate the US (not that we needed more). This might disincentivize some people to contribute to FOSS.

  • bloodfart@lemmy.ml
    ·
    26 days ago

    Unfortunately no.

    I remember the selinux controversy and the nsa trying to slip bad algorithms in.

  • kyub@discuss.tchncs.de
    ·
    26 days ago

    I get that it's a nice daydream to think of open source projects as existing in some kind of independent, ethereal vacuum just because the code is out there and accessible from any place on Earth. But every software project is (mostly?) dependent on the jurisdiction in one country, in this case it's the US, and so their laws about sanctions and so on apply. And yes, this means that unless conflicts/wars between nations happen to cease, that we will eventually have completely separated blocks of politics/culture/military and also IT. Globalization is over. China will have their own stuff, Russia will have their own stuff, and US+EU will have their own stuff. And none of those countries should continue using high-tech products made by the other because they could be sabotaged and it might be hard to find, so it's best to not use them at all and just cook your own stuff. It's unfortunate, but bound to happen in the current state of the political world.

  • MostRandomGuy@lemmy.ml
    ·
    edit-2
    26 days ago

    Certain Open Source movements are pure bigotry and opportunism, the Linux Kernel / The Linux Foundation for example, so it doesn't really make me wonder.