• a1studmuffin@lemmy.ml
    link
    fedilink
    arrow-up
    12
    ·
    2 months ago

    What I don’t understand about this whole situation: why does it matter where commits originate from if you’re dealing with an open source project? Does the Linux kernel not peer review code? Can’t security researchers from around the world comb over the source code for vulnerabilities/malware? Or is this all just political theatrics?

    • PhilipTheBucket@ponder.catOP
      link
      fedilink
      arrow-up
      32
      ·
      2 months ago

      They’re not allowed to be collaborating with people who work for certain Russian companies. It’s not a question of security, it’s a question of US law requiring US entities to punish through non-cooperation certain companies that are assisting in the war effort or whatever.

      It might or might not be fair, but it isn’t up to the kernel developers, it’s a legal requirement for them.

      • Sauerkraut@discuss.tchncs.de
        link
        fedilink
        arrow-up
        1
        ·
        2 months ago

        It might or might not be fair, but it isn’t up to the kernel developers, it’s a legal requirement for them.

        Part of me believes we have a moral obligation to disobey immoral laws. Doubly so when the US is a oligarchy that does not reflect the will or morality of the working class.

        • Mora
          link
          fedilink
          arrow-up
          5
          ·
          2 months ago

          Somewhere i read that non compliance could land you in jail. If I was a maintainer, i am not sure if I would like to go to jail for OSS.

    • 0xb@lemm.ee
      link
      fedilink
      arrow-up
      9
      ·
      2 months ago

      Not about code security (even thought that is certainly important by itself). Sanctions are about political and economical isolation, is not that you don’t trust their companies, is that you want to unplug them as a punishment.