Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Following the Russian invasion of Ukraine, nations have sought to remove themselves from Russian influence, for example over fuel supply lines etc and introduced sanctions on import/exports. Many Linux distros originate within Russia and their sphere of influence. Is it time to consider the possible ramifications of this? Is it time to call a halt to Russian distros and others associated with them? Should mirrors stop propagating them? Is it now time for there to be an organization suitably equipped to forensically test suspect distros?
Last edited by Mark B; 07-04-2022 at 06:11 PM.
Reason: spelling mistake.. sausage fingers :)
If you don't feel comfortable, don't use it. There are plenty of choices.
My main concern would be whether the distro is state-sponsored. I wouldn't touch Red Star Linux with a 50ft pole. But I think we shouldn't assume that just because something is built in a certain area, the software is nefarious.
Is it now time for there to be an organization suitably equipped to forensically test suspect distros?
What happened to "with enough eyes all bugs are shallow" or whatever was said? If that is true then people will find the bad stuff they may or may not put in the code. If it's not then the whole security model of open source just got blown apart and we should all walk away right now.
Or is this a politically based viewpoint?
Last edited by jmgibson1981; 07-04-2022 at 08:04 PM.
Several "brands" of software originating in Russia are now homed and supported outside of Russia. The atmosphere INSIDE Russia had become oppressive even BEFORE the snactions went into effect, and It people have been leaving the country so they could continue their work.
I would check with the developer and maintainer groups, just to ensure that the distribution is not supporting the Russian economy. (Or at least, not directly). I would not abandon members of a good team without adequate reason.
Given the Snowden leaks, it's pretty clear one can't trust anything coming out of the U.S. either.
I guess the real risk is more likely to be whether someone living under the Russian regime could be coerced into bad action. But then again, the U.S. isn't above applying "pressure" when it wants to. The TrueCrypt project shutdown was widely suspected to be a result of such pressure. And then there was the Dual_EC_DRBG backdoor debacle a few year back.
Let's face it. If you're running anything newer than a 486 it's probably already can't be trusted.
I wonder though. The Russians are pretty notorious for cyberwarfare. Could we really trust anything they produced?
Well,... the US, Israel, Uk and Germany have all been caught doing that too. I'd love to have the ability to be invisible (like on a scifi movie) so that I could go into some of the CIA, NSA building and see what they are up to.
Well,... the US, Israel, Uk and Germany have all been caught doing that too. I'd love to have the ability to be invisible (like on a scifi movie) so that I could go into some of the CIA, NSA building and see what they are up to.
I have only been in one or two of those buildings. In any areas where you could find out what anyone is up to, no fly would be allowed. Just sayin'
download the source offered to the world and build it yourself, if you distrust their binaries.
if you are concerned about them getting Linux, it's too late. the community there is (or at least was) huge and there are several Russian language distros. rumor is that Uncle Vlad even uses Linux out of distrust of USA, et al., although he could work in German if his language skills are still sharp.
"It's a great big world out there," and software systems like Linux really don't care about "world politics." Nor should we. Because we have work to do. 'Nuff said.
Sorry, but I cannot give reputation to the same post more than once... Reputation-points 2 to 10 are here:
Linux is not about thrill and buzz. That's Windows. You mixed something up.
(I would not trust an OS that is of 100% US-American origin)
Last edited by Michael Uplawski; 07-06-2022 at 06:19 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.