Linux

5539 readers

23 users here now

A community for everything relating to the linux operating system

Also check out !linux_memes@programming.dev

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

The Linux Kernel Hit A Decade Low In 2024 For The Number Of New Commits Per Year (www.phoronix.com)

submitted 4 days ago by neme@lemm.ee to c/linux@programming.dev

12 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Kissaki@programming.dev 1 points 2 days ago* (last edited 2 days ago)

We don’t need to trust anybody.

Reviewing every change and discovering every issue is unfeasible on multiple levels. Even skipping that fundamental, base level requirement; you need to trust in trustworthiness from submitters and reviewers, and that people review. You need to trust those maintainers that can push and pull and merge. You need to trust the builders and publishers and distributors.

I doubt you're reviewing every code change and compiling or verifying reproducible builds on every software and patch version you run. You put trust in the chain. And the chain decided to cut at some point because of risk.

Besides, the idea that employed developers with a Russian day job are a risk… but one fails to consider these were the honest ones who declared their day job.

So you think people do only one job and have only one concern? Do you think people of sanctioned countries, contributing to an unjust war, more or less directly, are a bad place to start reducing risks?

I feel like properly vetting commits to the kernel that does not involve the core contributors and maintainers too much is the way to go.

I'm baffled you can make this point while at the same time not accepting their decision after review, assessment, and consequence. You're asking them to review while not accepting their decision. From the same people.