lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e25fb178-39fa-4b75-bdc8-a2ec5a7a1bf6@typeblog.net>
Date: Wed, 23 Oct 2024 15:15:17 -0400
From: Peter Cai <peter@...eblog.net>
To: Linus Torvalds <torvalds@...ux-foundation.org>,
 Tor Vic <torvic9@...lbox.org>
Cc: Kexy Biscuit <kexybiscuit@...c.io>, jeffbai@...c.io,
 gregkh@...uxfoundation.org, wangyuli@...ontech.com, aospan@...up.ru,
 conor.dooley@...rochip.com, ddrokosov@...rdevices.ru,
 dmaengine@...r.kernel.org, dushistov@...l.ru, fancer.lancer@...il.com,
 geert@...ux-m68k.org, hoan@...amperecomputing.com, ink@...assic.park.msu.ru,
 linux-alpha@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
 linux-fpga@...r.kernel.org, linux-gpio@...r.kernel.org,
 linux-hwmon@...r.kernel.org, linux-ide@...r.kernel.org,
 linux-iio@...r.kernel.org, linux-media@...r.kernel.org,
 linux-mips@...r.kernel.org, linux-renesas-soc@...r.kernel.org,
 linux-spi@...r.kernel.org, manivannan.sadhasivam@...aro.org,
 mattst88@...il.com, netdev@...r.kernel.org, nikita@...n.ru,
 ntb@...ts.linux.dev, patches@...ts.linux.dev, richard.henderson@...aro.org,
 s.shtylyov@....ru, serjk@...up.ru, shc_work@...l.ru,
 tsbogend@...ha.franken.de, v.georgiev@...rotek.ru,
 wsa+renesas@...g-engineering.com, xeb@...l.ru
Subject: Re: [PATCH] Revert "MAINTAINERS: Remove some entries due to various
 compliance requirements."

Hi there,

Not a maintainer, but I have made several bug reports using this email 
address. At least 1 reasonably-sized patch is also currently under 
review in the networking mailing list, along with people from several 
American corporations, so hopefully you won't automatically assume this 
email came from a "Russian troll" account.

Ok. With that out of the way, if you still want to bother reading, 
here's why, in the most un-provocative tone possible, why your comments 
_completely_ miss the point why people are upset:

On 10/23/24 1:45 PM, Linus Torvalds wrote:
> Ok, lots of Russian trolls out and about. >
> It's entirely clear why the change was done, it's not getting
> reverted, and using multiple random anonymous accounts to try to
> "grass root" it by Russian troll factories isn't going to change
> anything.

Yes. Everybody who has more than 1 brain cell knows, in general, "why". 
The point was never to ask for the obvious response.

People are upset because no reference to _exactly which compliance 
requirement_ resulted in the removal of these maintainers. No 
open-source project can live outside of a political entity, but that is 
not the reason why "obviously" can be used to write off such a change.

Even just stating "we were contacted by <...> but details are under NDA" 
is a **much** better response than "due to various compliance 
requirements". No one is saying the LF or the Linux kernel should be 
outside of politics. That's impossible. But it _is_ possible to run the 
project based on _transparency_ and _honesty_ instead of "why can't you 
see the obvious".

> And FYI for the actual innocent bystanders who aren't troll farm
> accounts - the "various compliance requirements" are not just a US
> thing.

Again -- are you under any sort of NDA not to even refer to a list of 
these countries?

> If you haven't heard of Russian sanctions yet, you should try to read
> the news some day.  And by "news", I don't mean Russian
> state-sponsored spam.

Before calling out community members who raised legit concerns about 
procedural transparency, maybe it is worth doing a quick fact-check. 
There are a lot of suspicious looking `.ru` emails in this thread, but 
they are not who first raised the concern. The revert patch was sent out 
by someone at aosc.io. Look up who they actually are -- and before you 
assume "state-sponsored spam" just because of the language of the 
website, maybe you can also spend more than 1 second to check where the 
website is even actually located.

> As to sending me a revert patch - please use whatever mush you call
> brains. I'm Finnish. Did you think I'd be *supporting* Russian
> aggression? Apparently it's not just lack of real news, it's lack of
> history knowledge too.

I hope that either this comment wasn't written by the real Linus 
Torvalds, or that Linus was not under his best judgement when this email 
was sent. Because just like anyone who reads the news would know about 
Russian aggression, anyone who knows anything about politics should also 
be able to understand that individuals and their states are different 
concepts.

If these maintainers are associated with the Russian state, this should 
be cited as the reason for their removal. And you know what? Most people 
wouldn't have any problem with it. And then you can say "we are not 
supporting Russian aggression" with confidence. But this is **not** what 
was done.

I seriously hope that Linus Torvalds would have known better.

Thanks,
Peter.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ