Linux maintainer rejects patches from sanctioned Russian Baikal Electronics
lore.kernel.orgIn case you didn't know that, Baikal processors are made specifically for russian military and have no civilian use.
It's worth to add that Baikal Electronics is sanctioned by USA, EU, UK and banned to use ARM. So "feeling uncomfortable accepting the patch" is a nice euphemism in that case.
Well it's indeed one of major SoC suppliers for Russian military, but actually Baikal SoC are used for various civil purposes too: thin clients, servers, network routers, industrial automation/SCADA, CNC and so on.
These are subpar processors for the cost, they are only used when the certification requirements of the govt are in place. Ministry of defence subcontractors hardly count as civilian users.
> These are subpar processors for the cost
Intel, Apple, etc are refusing to suppy to RU. Subpar but available parts started making sense.
Linux support enables civilian use exactly; military users likely depend on the mainstream kernel a lot less.
Sanctions created an opportunity and developers are desperate to grasp it.
> Baikal processors are made specifically for russian military and have no civilian use
These are general purpose processors and there are plans to deploy them widely across Russian civil service and major state owned banks.
They are indeed sub-par compared to Intel or ARM however in the present situation Russia is faced with a choice between importing electronics through grey channels and developing its own national product even if it is subpar to what would have been normally available.
I personally very much hope the 2nd choice is taken, domestically designed processors take hold and the world gets a new choice of hardware to use.
While I agree that code and science should be separated from politics, isn't this the point of the sanction?
AFAIK the Linux Foundation is a US non-profit, and many core kernel developers, such as Linus Torvalds and Greg KH reside in the United States.
> code and science should be separated from politics
I think almost no one agrees that it should be completely separate; there should be some distance, yes, but all these things do exist in the same reality and that can't always just be ignored. Should Linux also accept North-Korean patches for their ICBMs in mainline? Probably not. They can't prevent Linux from being used in them, but they also have no obligation to go our of their way to review, merge, and maintain the code for it.
There is a lot of grey area and you can argue about the specifics of various situations for ages, but there clearly is a point where politics and the intended purpose of patches do matter.
> Should Linux also accept North-Korean patches for their ICBMs in mainline?
While NK is probably not looking to merge their `char/icbm` driver to the mainline tree, what about the NK military fixing a nasty bug in the memory allocator? Should the patch be rejected even if it improves a non-military subsystem, just because of who wrote it?
It's just food-for-thought, personally I do not care one way or the other. As you say, it's all a grey area, and there is not a clear answer, which is where politics and posturing, rather than pragmatism, thrives.
Ignoring trust issues (NK inserting a backdoor), I'd say clean bugfixes should probably be accepted.
My main point was to nuance the absolutist "code and science should be separate". I don't know enough about this code to make a judgement one way or the other: as I understand the commit message it's a cleanup as a prelude to GMAC and X-GMAC SoC support. Maybe the code is badly in need of some cleanup, or maybe it's essentially just fine and there is no reason to merge any of this beyond supporting those SoCs.
> Ignoring trust issues (NK inserting a backdoor)
For another option, is it possible that patching a legitimate bug could open up a line of attack in an otherwise unrelated piece of code that the bug was somehow blocking? If it is, even legitimate, verified bug fixes, or even bug reports, from non-trusted sources, should be carefully vetted.
They did end up banning all of the University of Minnesota over trust issues. Everything should be carefully vetted, sure, but it's always possible something gets missed; a good backdoor is indistinguishable from a bug, and those definitely end up getting merged. Any merge is a "risk", so to speak. It's a matter of risk management: a patch from Greg Kroah-Hartman is very unlikely to contain an intentional backdoor and a patch from Kim Jong-un is more likely to contain one, and with lots of shades in-between those two extremes.
Worse, you can be quite sure that a patch or series of patches from "Kim Jong-un" will introduce a bug (or rather a well hidden corner case) leading to a backdoor. It can be assumed that there's a hidden incentive behind the patches.
All I'm hearing is NATO military good guys, everyone else evil.
Somehow I should be agreeable to US weapons teams mainlining patches say for whatever weapon killed that random.man and his children during the fall of Kabul. But not a nasty North Koreans?
If that's all you're hearing you are so overly emotionally invested that it's blinding you to context.
No one is saying that citizens and corporations of non-aligned countries shouldn't submit patches which are accepted by the maintainers. They're saying that citizens and corporations of countries which are engaged in hot, cold, or proxy wars with the countries of citizenship of the maintainers shouldn't have patches accepted by said maintainers.
This is silly cutting off your nose to spite your face.
And for your users too.
It's very rich to claim I'm too emotionally invested (because I'm rationally assessing the situation??) in the topic then go one about the emotional investment (comfort) of the maintainer to justify their view...
That's classic projection.
"All I'm hearing is NATO military good guys, everyone else evil."
This is not rational. It's an emotional interpretation of what was written.
Yes just a coincidence everyone in the thread seems okay with NATO national intelligence and military submitting patches to Linux.
But definitely Russian, North Koreans and Iranians shouldn't.
It's like I'm stuck in a Top Gun movie...
From what I read in the thread you were the one bringing up NATO intelligence and military patch submissions. And you did it in a context of saying that from what you gather even people from non-aligned countries would be banned from submitting to the Linux kernel, too.
Perhaps other people in this thread also think it's problematic that any military or intelligence agency submits patches. But that wasn't what the post is about. It's about a Russian military-associated company. And that's what most of the comments I read were commenting about.
If you want to channel the conversation to your hobbyhorse you can, and did. But that doesn't mean the people who respond negatively to your comments don't agree in general with you. It seems to me that national militaries should be maintaining their own kernels. And just for precautionary purposes intelligence agencies/companies (whether national or private sector) should be generally banned from kernel submits. Bug reports and exploit reports are another thing, but they are too motivated to insert backdoors and exploits due to the nature of their business.
Clearly, you are not understanding the problem then
And you think this is a problem with political roots, right?
> We don't feel comfortable accepting patches from or relating to hardware produced by your organization.
Is the discomfort based on technical, or legal, or moral/political reasoning?
The company in question seems only to manufacture for the Russian Armed Forces, not for any civilian products.
Yes.
It's not that simple. A single person is not required to agree with what their country is doing, and probably can do little. Unless something can be attached to their name, like a tweet saying "all ukrainians shall die" or spreading modern russian ideology, it's wrong to punish. It's prejudice, it's discrimination, no different than not letting somebody into a restaurant just because of their race. Were all germans guilty because of Hitler?
> Were all germans guilty because of Hitler?
If a German, during WW2, or heck even WW1, submitted an article to a British journal on improvements to industrial equipment, and did so on BASF letterhead and with a correspondence address to BASF's headquarters, companies in the allied nations would be right to think twice before implementing those improvements, or even making comments on those improvements.
Sorry, but I can't believe you've just compared discrimination against someone going into a restaurant due to their race to Hitler/the Holocaust. Like, c'mon.
What's that rule that every argument on the Internet eventually devolves into something about the Holocaust or Hitler or something like that?
Suppose it's not everybody's cup of tea, but there are users on this planet who would love to be running a fully free and open source software on machines that provably have no Intel Management Engine or other comparable closed-source technologies.
What the community could be doing instead of refusing useful patches enhancing support for an IP-core licensed from a western company is working with Baikal developers to ensure that desktops/laptops built on their hardware include no closed source software blobs anywhere in the drivers or in EEPROM.
How often do we have an opportunity like this?
The context seem to be missing - is it just this specific maintainer's opinion or a result of consensus? Is this specific maintainer in position to make this decision on behalf of the team?
Redhat is also providing FLOSS to weapons manufacturers (Raytheon and Lockheed Martin):
http://techrights.org/2022/10/27/red-hat-lockheed-martin-ray...
A lot of opinions, but it's 200% true - LINUX IS NOT FREE. IT'S CONTROLLED BY US GOVERNMENT.
Does the copyright work in this case?
Because the patch was actually published already fully (in the mail list), if I understand it correctly.