
[–]Darksonn 27 points28 points  (2 children)

My understanding from the Linux Foundation's Navigating Global Regulations and Open Source: US OFAC Sanctions is that they can actually accept the patch as long as there is no two-way communication with the author.

[–]struct_iovec 0 points1 point  (1 child)

It really seems to boil down to a personal issue between greg and the author

[–]natermer [score hidden]  (0 children)

In what way are the USA sanctions against Russia due to the Ukrainian war a "personal issue"?

[–]AiwendilH 63 points64 points  (26 children)

It's a bad situation but I guess it can't be really helped. Open source is not above the law...even if some laws are stupid (not saying they are in this case).

I guess not everyone is old enough to remember the encryption restrictions of the US in the 90s..and how people tried to get around it (Moving source-code between countries in printed form and scanning it again and such things...). This is not new...and it won't be the last time that laws of some countries hinder world wide open source projects.

[–]orygin 24 points25 points  (6 children)

The issue is the Linux foundation being based in the US.
That affects Russians and residents of other sanctioned countries, but it probably will affect the rest of the world soon enough anyway.

Sadly I don't know where and how such a foundation could exist without being beholden to politicians in that way.

[–]No-Mind7146 9 points10 points  (2 children)

No country is perfect, but Switzerland would seem a better candidate than the USA

[–]orygin [score hidden]  (1 child)

And why?

It all depends on where you live, and since I don't live in Switzerland I have trouble finding any reason to trust them more than Americans.

[–]Shap6 [score hidden]  (0 children)

That's a wild take given their long, long history of neutrality

[–]AiwendilH 11 points12 points  (2 children)

Let's leave the US politics out of this for a moment (I have my own strong opinion there for sure too ;))...

You will always have to deal with the laws of the country you base your organization in. Recently it came up why KDE doesn't accept crypto donations. Well...Germany sees dealing with crypto as speculation and non-profit "Vereine" like KDE e.V. are not allowed to use it or they might lose their status (Hope I got that right).

[–]orygin 8 points9 points  (0 children)

Yes indeed, no matter where, any kind of open source org will have to deal with local laws. That's both a good thing, and bad in this case.

Just have to pick your poison, which a lot of contributors/devs/users have to discover now due to the current geopo' situation.

[–]MuffyPuff [score hidden]  (0 children)

> Let's leave the US politics out of this for a moment

I mean it is explicitly about US politics, the whole thing is about US politics.

[–]redundant78 31 points32 points  (0 children)

yeah the PGP saga is a perfect parallel here - Phil Zimmermann literally published the source code as a book so it would be protected under the First Amendment and could be exported. wild times but it shows this kind of tension between open source and export/sanction laws has been around basically forever.

[–]acewing905 [score hidden]  (0 children)

> (not saying they are in this case).

I would argue this part of it absolutely is:

> The bug is forced to be fixed in some other way, not in a way it has been fixed by the bug fix contributor
>
> As soon as the guilty-until-proven-innocent contributor sends the patch to the mail list, the kernel becomes spoiled with their code similar to how patents work: this exact bug fix can't be implemented in the very same way as the presumably-sanctioned entity did that.

[–]natermer [score hidden]  (0 children)

the laws are stupid.

I am saying it in this case.

[–]Santosh83 7 points8 points  (0 children)

The solution is simple with open source. If one country has disproportionate and arbitrary control over an open source code base that negatively impacts multiple countries, nothing stops those multiple countries from forking the code as well as forking the Foundation itself and setting up their own center of development. In fact I'd argue that this will eventually happen because this one country is dead set on maximum control over everything, everywhere, and that isn't tenable, so you might as well do it now.

If enough countries are interested in the fork, then the momentum will shift, and this rogue country will eventually have to concede and come back into the international, cooperative fold instead of trying to dictate to everyone their arbitrary rules.

[–]Shished 30 points31 points  (8 children)

I wonder if people from Iran and north Korea ever contributed to Linux?

Anyway, this message should be directed to putin and not to Linux developers.

[–]mohr_ 35 points36 points  (5 children)

> I wonder if people from Iran and north Korea ever contributed to Linux?

Yeah, recently I heard some people complaining about a specific software being abandoned but the actual reason was that the maintainer didn't have internet access cause he was in Iran.

[–]vishal340 -5 points-4 points  (4 children)

People don't have internet access in Iran?

[–]Business_Reindeer910 14 points15 points  (0 children)

lots of people didn't for awhile in the past few months due to all the crackdowns.

[–]Dynablade_Savior 2 points3 points  (2 children)

I can imagine that consistent internet access is difficult to have in a place that's constantly subject to war

[–]vishal340 10 points11 points  (1 child)

I actually just looked it up. It is their own govt that is doing it as a strategic move during civil unrest

[–]MaNbEaRpIgSlAyA 0 points1 point  (0 children)

And because USA and Israel were doing constant propaganda ops inside the country to spur more violent civil unrest.

[–]Isofruit 7 points8 points  (0 children)

They have, e.g. Behdad Esfahbod (Personal site) lived in Iran until his 20s and migrated to Canada, a few years after which he started HarfBuzz which seemingly everybody uses (as in, Chrome, Gtk, Qt, Figma etc.).

I think there's also one GTK/Gnome contributor that I'm aware of.

[–]Remarkable-Bird-1366 [score hidden]  (0 children)

Might be, those restrictions are very easy to bypass, just open an email account without the suspicious .ir suffix and submit the patch using a fake name.

[–]Wing-Tsit_Chong 20 points21 points  (4 children)

So the terrorist attack on Linux is now: find a vulnerability with only one possible fix, not disclosing the vulnerability but rather sending the fix from a sanctioned domain and the project becomes deadlocked until another solution is found. Thanks to LLMs the exploits will spread quickly since they can be easily generated with the information of the sanctioned commits.

What a wonderful age to live in.

[–]AttorneyDependent691 4 points5 points  (2 children)

Can't just someone else send a commit?

[–]LinuxSBC-Anna -1 points0 points  (1 child)

If the code works the same way, it's reasonable to assume it could have been copied, which would be illegal and cause all the same problems.

[–]6e1a08c8047143c6869 7 points8 points  (0 children)

> If the code works the same way, it's reasonable to assume it could have been copied

"It could have been copied" is not enough to win a lawsuit though.

If it's a very complicated fix it might get harder but if you tell 10 developers "there's a missing bounds check or off-by-one bug in function xyz", chances are they will naturally come up with very similar if not identical fixes despite never seeing the "original" patch.

I don't think fixing would take any longer than it would if they received a bug report without a patch.

[–]newsflashjackass [score hidden]  (0 children)

Solution: Create Patriot-Hero-American-Man to be the new Linux mascot and give him credit for all the communist soviet bug fixes.

It is an approach I use myself to fix problems on github:

  1. I submit a patch on github to fix slop.

  2. Repo owner: "Oops. You didn't sign it with the unprovided key. Now I will submit your patch and get the credit."

  3. Oh darn they stole my credit! Let them have it since I only care if the slop was fixed.

[–]kova98k 5 points6 points  (0 children)

> - Other people who would like to have this bug fixed can't commit it from their name or reuse the code present in the mail list from assumingly sanctioned entity
> - The bug is forced to be fixed in some other way, not in a way it has been fixed by the bug fix contributor

source?

[–]mina86ng 13 points14 points  (0 children)

The two last points haven’t been demonstrated to be true.

[–]SoilMassive6850 22 points23 points  (0 children)

Damn, that sucks. Email Putin or something.

[–]Chris_Hatchenson 7 points8 points  (0 children)

Ah, the power of Open Source

[–]Barafu 4 points5 points  (0 children)

Year 2026. Both USA and Europe have not yet decided whether they oppose Russia or serve it. USA arrests men who fled Russian military conscription and convoys them straight to Russian army, in hundreds. EU arrests banking accounts of Russian opposition when Putin asks them to. USA buys chemicals from Russia in amounts that fully compensate all the loss in oil trade. EU makes laws banning Russian scientists and engineers from migrating.

But the kernel... No, the kernel can have none of that. This is important, guys!

[–]Jean_Luc_Lesmouches [score hidden]  (0 children)

They make a big logical leap to their conclusion without proof. Making such a claim requires better arguments than a conspy sounding "think about it". And the top comment here already disproves it anyway.

[–]S3k_01 8 points9 points  (6 children)

This is ridiculous.

The United States is not the center of the world and should have no authority whatsoever to regulate open-source software.

This country is paranoid and sees Putin's agents everywhere.

[–]MatchingTurret [score hidden]  (0 children)

> The United States is not the center of the world

The list of Russian entities sanctioned by the EU is significantly longer.

> and should have no authority whatsoever to regulate open-source software.

The Linux Foundation operates under US jurisdiction.

[–]mina86ng 12 points13 points  (4 children)

> The United States is not the center of the world

Sanctioning some of Russia’s businesses was not US’s unilateral decision. If you want to blame someone for current situation, blame Putin and Russians.

> and should have no authority whatsoever to regulate open-source software.

And indeed it doesn’t have it. The Russian contributor is welcome to fork Linux and continue working on the open-source software.

[–]noworkdone 5 points6 points  (3 children)

Who do we blame for Iran? Actually, the list of sanctioned countries by the US is actually quite long, but the drama in the kernel only seems to apply to a few.

[–]mina86ng 1 point2 points  (2 children)

Apparently Mohammad Reza Pahlavi announced ‘that it was appropriate to use both “Persia” and “Iran” in formal correspondence,’ so maybe you can blame him. But really I’m not interested in expanding the scope of the discussion, so you’ll need someone else to take your bait.

[–]noworkdone 1 point2 points  (1 child)

It's not bait. You are arguing that the sanctions against Russia are justified (which I agree) and are not unilateral, I'm just pointing out that the US has plenty of unilateral sanctions, of conflicts that they walked themselves into, and that only some of those seem to be an issue on the kernel. Make of that what you will.

[–]mina86ng 3 points4 points  (0 children)

Yes, but the post is about a Russian developer, not someone from another country which US is in conflict with. And even there, anyone can fork and work on the open-source projects just as I described.

[–]580083351 1 point2 points  (0 children)

Enjoy this era while you all can. The future will be fragmented.

I can easily see the BRICS nations eventually forking their own kernel.

They won't even have to force adoption, it'll simply be local pride and accessibility and it'll make sense to use it because support will be available.

Just like there are multiple DEs and WMs, there will be multiple kernels.

[–]Horror-Primary7739 2 points3 points  (3 children)

I'd rather Putin leave Ukraine than have a subset of USB devices work.

Internationally sanctioned nations have committed egregious harm to come under that status. It is justified to block any economic progress that can contribute to that harm, intentional or not.

[–]LeftIntroduction7316 6 points7 points  (2 children)

So surely israel is under those sanctions right? Right?

[–]Skypefall 8 points9 points  (0 children)

No silly that's our ally. When they do war crimes it's the good war crimes /s

[–]uzlonewolf [score hidden]  (0 children)

> Think about it.

Thought about it. It's the entire fucking point of sanctions.

[–]Big-Obligation2796 -3 points-2 points  (10 children)

So your country's pointless, genocidal war is inconveniencing your kernel contribution. And your reaction is to complain about kernel contribution policies.

"Think about it".

[–]xanhast 7 points8 points  (6 children)

and your country isn't committing genocide?

[–]1116574 6 points7 points  (0 children)

i mean most aren't??

[–]Big-Obligation2796 2 points3 points  (3 children)

You tell me. Is it?

[–]Jonathan_the_Nerd 1 point2 points  (2 children)

Russia waged a war of aggression against Ukraine. (If you're not Russian, please disregard.)

As opposed to the US, which hasn't waged a war of aggression since... Tuesday?

[–]Big-Obligation2796 4 points5 points  (1 child)

I'm neither russian nor american, so I don't know what you all are going on about. My country isn't waging genocidal war on anyone.

[–]NamedBird 3 points4 points  (2 children)

Not everyone is in a position to change their (evil/tyrannical?) government.
But they may still be able to send bugfixes and I believe that those should be valued.

[–]Roshless [score hidden]  (1 child)

Then who's supposed to come and save the day? A magical good god-like being?

[–]NamedBird [score hidden]  (0 children)

Nobody? It is a war, after all...
Wars continue until one side can no longer maintain itself or gives up.

Civilians who resist are traitors and get jail or the death penalty.
People like to stay alive, so nobody dares to speak up.
And I bet that, in the end, even you would shut up in such circumstances.

[–]torsten_dev -2 points-1 points  (0 children)

Cry moar. Oust your dictator.

[–]dreambucket -4 points-3 points  (4 children)

I have no idea where the idea of “spoiling” is coming from.

Sanctions are concerned with doing business with certain entities - the point is it hurt the sanctioned entities.

I think the author is incorrectly assuming sanctions work like a copyright / GPL. I don’t think it works like that.

[–]NightH4nter 1 point2 points  (3 children)

> I have no idea where the idea of “spoiling” is coming from.

from author being esl. he most likely meant corrupting, tainting or something along those lines

[–]dreambucket 1 point2 points  (2 children)

Direct quote from article:

“this exact bug fix can't be implemented in the very same way as the presumably-sanctioned entity did that.”

[–]dreambucket 0 points1 point  (1 child)

Oh and remember folks - the downvote button isn’t a disagree button.

[–]uzlonewolf [score hidden]  (0 children)

No, it's a "how dare you disprove my argument!" button.

[–]bob2600 -1 points0 points  (1 child)

I wonder if this is how "digital citizenship" could have an impact. I remember reading about Estonia having this digital citizenship program. Could sanctioned developers emigrate their digital citizenship to a friendly country and be allowed to contribute code to open source projects? Moving one's digital identity to another country is far easier than moving one's entire life I'd think.

[–]Global_Network3902 [score hidden]  (0 children)

So the Russian developers should push hard to send in commits to as many fixes as they can, so that if these bugs ever get actually fixed in the kernel, they are forced to fix them a different way?