[TUHS] Re: Other POSIX Candidates?

Theodore Ts'o wrote in <20240807234755.GB4511(a)mit.edu>: |On Wed, Aug 07, 2024 at 10:56:14PM +0200, Steffen Nurpmeso wrote: |> Btw how ridiculous is the view onto those Chinese Linux |> Distributions which put effort in making Linux POSIX compatible, |> and even pay money for making that official? | |Well, that's their choice. No US companies that I know of care about |POSIX compliance, so I don't know if any US-based distributions that |are paying money (or more importantly) engineer time, to make it |official. If Chinese distributions are investing resources in that |way, well.... that's there stupidity or maybe, a very good business |choice. :-) | |> I personally was *tremendously*, well, pissed, once one of those |> distributions was (just recently, ie, years later) not allowed to |> join the encrypted part of oss-security. |> Too much politics in a non-free world. | |In the real wrld things get complicated. In 2019 the US put export |restrictions for Huawei, which was interpreted at the time that public |discussions on open mailing lists relating to Linux was totally fine. |But there was some legal interpreations that direct |engineer-to-engineer e-mail might be considered lending assistance |that could potentially run afoul some of the export restrictions. I'm |not a lawyer, but an encrypted distribution to certain chinese |entities might be... complex from a legal perspective. Talk to your |corporate legal counsel for specific legal advice. | |Things are even worse with Russian companies, since the OFAC (Office |of Foreign Assets Controls, at https://ofac.trasury.gov) sanctions are |even more strict. Even if the exchange happens on an open source |mailing list, if the patches come from a sanctioned entity, or an |entity controlled by a sanctioned entity, and the patches say, contain |device drivers used by a Russian SOC that is known to be used in |Russin missiles used against Ukraine (completely hypothetically, of |course...) --- if a US based engineer accepts those patches, that's |considered rendering assistance to a sanctioned entity, and you and |your company have to file paperwork acknowledging that it was done |unknowingly, and the patches need to be reverted. Again, talk to your |friendly neighborhood legal counsel before you do anything with an |entity that may be from Russia, because the OFAC database of |sanctioned entities is constantly changing, and its search functions |are terribly primitive. Thanks for the answer. (I try to be strong and just hope *that* is over soon.) |The joys of being an open source maintainer in the 21st century.... |Not only do you have to worry about trojan horse constributions from |agents of the Chinese Ministry of State Security (ala xz), you also Aaaah! Not north korean, .. they are only out for the money. (And are blocked at github, like i think cuba, iran, whoever.) I see. I did not know that rock-solid argumentation (except for the lengthy commit time sleuthing posts). |have to worry about the US government and OFAC-administered sanctions. Yes i have read "small lip notices" by Kroah-Hartman on oss-security (before Linux "started emitting own CVEs"). That is no fun. Let's just hope we can somehow overcome all that. Good bye, ciao, and good night from Germany. Thanks. Now unfortunately i cannot keep my mouth shut, and it is likely that most people do not want to read this further. But it is all about (the remains of) Unix (aka free software world, mostly, with lots of people spending free time for the very famous https://xkcd.com/2347/) from a red flag waving NetBSD mailing-list, aka tech-pkg AT netbsd.org, from the 4th of April this year, while responding to an (american) email ending "I think we should really discuss this...", and pointing to https://joeyh.name/blog/entry/reflections_on_distrusting_xz, all of which i have forgotten. I apologise in advance. Sorry!!! Short: I am so disappointed that all the opportunities for bashing people have been omitted, like that you do not win wars. [.] jiat75 reads like dschiha:d, and 5.6.0 was shortly before ramadan Isn't it a shame that muslims are not valued enough for being real hacking threats, are they only good enough for kamikaze? (I love what Rainer Maria Rilke said about the Koran btw. In my bad bad translation it reads like "Islam is a 'religion of the undisguised space', of pure creature feeling: earth can be perceived as a 'pure star': 'creatureliness of the earth can appear pure and undisguised'".) And then (i apologize for quoting this, i did not know the maintainer was hm dissed over months) He publically mentioned his mental health issues multiple times, and -- sorry if i got that thread starter wrong even -- that may make people think of Jekyl and Hyde who then gets himself what he is actually worth, with schizophrenically (i am not an expert as you see) raising alert signs to others, like explicitly mentioning mental health issues. That reminds me that the Helter Skelter murders drive 55 today. Longer: I reverted to 5.4.0 locally. I looked at the ~half a dozen commits of jiat75 by then, and they looked good. But AlpineLinux stayed at 5.6.1, they simply autoreconf -vis or what, instead of using anything provided. There are a few hundred commits of jiat, and the poor original developer has to crawl through them. Then again i personally have my doubts and said so in public already. [Does not smell Chinese style imho, they have lots of autonomous regions with a whole lotta different "tribes" aka cultures. Granted the Han are the by far largest sort. But still. I mean, there *are* muslims, ok.] [now it cums. I mean, not that Iran shoots its own ships no more at the moment, as it did under Trump, but the Palestinians are where his son-in-law wanted them .. etc etc etc etc] And jiat75 reads like dschiha:d, and 5.6.0 was shortly before Ramadan, so i think it surely is a small-minded not even christian educated western-style desired-to-be-criminal. ... [*That* still *could* be Chinese nonetheless, of course.] And |One thing we need to discuss for sure is the blame game currently |being played by quite a few parties. "You merged a Jia Tan commit, [btw "jia tan" reads in german like "dschiha:d on", which is a particularly smart name for a chinese secret service guy] |you must be a plant as well!" Personally, I find the danger of that kind of [A German talking. I .. think .. with born-eastern experience, ..] |attitude turning away a lot of volunteers a lot more harmful. Here we are back at the famous https://xkcd.com/2347/. Technically .. well. Well, technically, i think much more sophisticated miracles were already seen in the past, in the end all the software and hardware designs are US controlled. Not that i would have been able to invent it, or even, do it. Now -- I must and wholeheartly do admit that i adore political Chinese cartoons, they still have the black wit that i miss so much in Germany, but which was still present when i was a younger man, say, thirty years ago, snappy cabaret artists like the "forever" unforgotten Dieter Hildebrandt etc etc. https://www.globaltimes.cn/cartoon/ curl --insecure -O https://www.globaltimes.cn/Portals/0/attachment/2024/2024-02-08/d4010c2b-f0… curl --insecure -O https://www.globaltimes.cn/Portals/0/attachment/2024/2024-02-19/fcb05453-26… curl --insecure -O https://www.globaltimes.cn/Portals/0/attachment/2023/2023-04-13/a3d522d5-2a… 300 KB, and i do admit they are very one-sided. | - Ted --End of <20240807234755.GB4511(a)mit.edu> I am sorry, dear Warren. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) | | Only during dog days: | On the 81st anniversary of the Goebbel's Sportpalast speech | von der Leyen gave an overlong hypocritical inauguration one. | The brew's essence of our civilizing advancement seems o be: | Total war - shortest war -> Permanent war - everlasting war