I for one am going through quite a culture shock. I always assumed the nature of FOSS software made it immune to being confined within the policies of nations; I guess if one day the government of the USA starts to think that it's a security concern for China to use and contribute to core open source software created by its citizens or based within its boundaries, they might strongarm FOSS communities and projects to make their software exclude them in some way, or worse, declare GPL software a threat to national security.
Linux at this point is an absolutely critical part of the information infrastructure our world is built on. It’s not just a few nerds in basements cobbling together code. Safeguarding this infrastructure against bad actors is absolutely crucial for everybody’s safety. Unfortunately we’re going to see more of this kind of stuff in an increasingly polarised world.
Israelis are more known for putting backdoors wherever they can than Russians, for example.
Anyway, nation-states are not the only kind of group with malicious interest. Maybe a maintainer is a member of some mafia, I dunno. How are you going to know this?
Many things can be done with FreeBSD. Again, in our time it may get some popularity again not because of such events even, but because of their possibility and to avoid monoculture (in the context of backdoors too).
I’m not concerned that they followed the best advice of their lawyers to respond to the legal and political challenges that currently exist.
I am concerned that hostile nation states (define those as you will) have made supply chain attacks (remember the xz Utils backdoor) so common that actions like this or worse are becoming necessary and that open source, globally contributed software could be at risk.
One of the big weaknesses of open source is the same as democracy. Nobody has time to review every piece of code (or research and hold accountable every politician) which leads to risks.
It’s a different risk vector. While companies want your information to sell, they don’t want to take over your computer to use it in a bot net or steal your bank information and clean out your account.
Open source by its very nature relies on a lot of people having good intentions, free time, and knowledge for it to work well and safely.
Certain Open Source movements are pure bigotry and opportunism, the Linux Kernel / The Linux Foundation for example, so it doesn’t really make me wonder.
Same here. For now it’s only barring contributors which won’t harm actual users much, but that could change in the future with the precedent this is setting.
What’s the point of “FOSS” at that point if it’s not so different from corporate products, being similarly vulnerable to sanctions? I could see genuine free software being relegated to piracy communities if it goes that far.