Oddbean new post about login | logout I don't see how taking free contributions from Russian contributors is supporting Russia's political aggression. Unless they were being paid or there's some other law not being mentioned here... I believe there are some export laws that cover certain types of software, but it isn't as clear to me as he implies it should be.
Yeah it sounds like he doesn't want to incriminate himself, as he isn't a lawyer he doesn't want to talk about it. But he didn't miss the opportunity to express his hatred of Russia. I would have expected him to be more nuanced about the difference between Russian governmental policy and Russian citizen coders.
I suspect if you are part of the empire you must say certain things to not appear confrontational Btw enjoyed this Finnish movie https://www.imdb.com/title/tt4065552/
Apparently it is an executive order from Biden causing the chaos. I do find it concerning that he made no effort to defend maintainers who weren't exactly no name contributors. He had no issues stating his other political views. I also hate Russia, but I see no benefit in going along with clipping dedicated FOSS contributors without even acknowledging the absurdity of it. I can understand the US not wanting people to directly help the Russian government or other enemies, but I don't think FOSS should be a concern. I especially don't think alleged defenders of FOSS should just go along with this sort of treatment for contributors without calling it out as bullshit.
Again anonymous devs win. Monero devs are a good role model here.
I'm not sure that flies if an official regulated entity is involved. For example, a non-profit or something that spearheads a project (as with Linux). Maybe best efforts to collect dev data will suffice, but this is somewhat unchartered territory (for FOSS software) in the US from what I can tell. It may not suffice and anon devs may just get booted anyway. The best strategy could be to let the regulated arm do what it has to and then use the right to fork for those of us who aren't regulated non-profits or whatever. I'm honestly not sure how this plays out. Centralized funding is an obvious issue here because that's the attack vector government is using. It isn't practical to go after every single one of us pulling from repos. I think the result is going to be greater fragmentation, lower quality and less secure software in the long run. Hopefully I'm wrong. Either way, forking Linux outside the US may help, but so many other US based projects are using it that I just don't think it's practical. The whole thing is goofy.