A small set of people are merging changes to various Linux components to make sure every application knows your birth date.
This is being done rapidly by people with questionable justifications and being merged with no youth and few marginalized people involved.
@artemis I don't know why.
And I'd say "why are people complying at all?".
@feonixrift @dalias @wwahammy @artemis It's not complying "in advance". The California thing is *law* now. Sure, other jurisdictions are in progress, but the time between now and the next Linux distribution releases before the January 1, 2027 date isn't that long.
Everyone in the different community spaces that *do the work* are scrambling because being out of compliance is ludicrously expensive and there's not much time to be prepared. Even so, there *are* public discussions with patch review.
@neal @feonixrift @dalias @wwahammy @artemis I stated on the xdg mailing list that amendments are expected. We are working with Colorado legislators on language that would exclude effectively all open source operating systems and all embedded/server operating systems. This has a chance of making it to the California bill before it is effective.
I had a chance to demand polkit access controls be implemented on the accountsservice change but the systemd userdb change did not get that implemented.
@neal @feonixrift @dalias @wwahammy @artemis My recommendation would be to wait on merging any of these changes at least until we see if an amendment excluding floss is accepted in Colorado, I'd hope to see it within two months. The intention of the bill's sponsors, as I have heard, is not to fine or take to court countless volunteer projects.
The systemd change was particularly rushed. If it is used, it does nothing to protect PII from being read by a user's non-sandboxed applications.
Update on the Colorado Age Attestation bill: Everyone that participated in the meeting last week submitted proposed changes to the bill. They included good ideas to improve consumer protection and privacy and exempt open source software. Sen. Ball responded this morning that they'll now draft potential amendments. I think we're making good progress. I'm off for a ski weekend with the kids. Have a great weekend everyone!
It's good that someone is doing that. IBM seriously dropped the ball when it came to lobbying about this, given how it affects #RedHat. No-one even brought up the implications for #Unix-like operating systems in #California.
You're not the first person to talk about amending the California Bill. It's an Act now, not a Bill, though. It's nigh on impossible to supersede it before 2027-01-01.
The politics, as well as the physical realities of how long it takes to enact legislation, mean that there just isn't the time, even if the will could be drummed up.
The current Act took 8 months to pass, itself, and not only is there no-one in California really lobbying to fix this, there's also the political problem of seeming to want to carve a massive exemption in a law that only months ago passed through every stage in the legislature with zero 'no' votes.
https://mastodonapp.uk/@JdeBP/116175882841550437
@neal @feonixrift @dalias @wwahammy @artemis
#CaliforniaLaw #USLaw #FreeSoftware #AgeVerification
Actually, it doesn't.
But the legislative record does. The California legislature has detailed accounts of what was brought up, pro and con, in committee.
It shows that the only 'free' things that the objectors thought about, the only things recorded as formal objections by concerned parties, were gratis applications on Microsoft/Google/Apple App Stores, and a supposed effect on their development costs.
No-one mentioned the #Unix model of user accounts or the BSD/Linux-based/Illumos-based operating system models of application packaging.
That said, it really was up to someone like IBM to spot this and lobby at the very least for #RedHat and RPMs to be taken into consideration in the definitions of 'covered application store' and whatnot.
@soller @neal @feonixrift @wwahammy @artemis
#CaliforniaLaw #USLaw #AgeVerification
@JdeBP @neal @feonixrift @dalias @wwahammy @artemis Gavin Newsom's signing letter requested amendments for other cases prior to the law taking effect. I see no reason to give up on an exemption for floss being there before 2027.
https://www.gov.ca.gov/wp-content/uploads/2025/10/AB-1043-Signing-Message.pdf
You should. Because the problem will be a lot of #California legislators having to be convinced that what they just did, not even in a prior legislative session, was wrong enough for a political U-turn; and then come up with a way of fixing this so that it does not broadly encompass pretty much any operating system with a ports/packages system for applications, *without* letting the targets that they *thought* that they were hitting (given the records of the passage through committee stages) off the hook; and *then* fight the organized lobby that clearly is behind this almost exactly the same bill text appearing in Colorado, Illinois, and New York as well, reacting with a #FreeSoftware-people-want-to-harm-children campaign.
2027-01-01 is simply too near a deadline for all that to happen before. Colorado, Illinois, and New York have a chance, as it's still Bills there; but it's too late in practical terms for California.
@JdeBP @soller @neal @feonixrift @wwahammy @artemis What is your goal in saying that? What result do you expect or want it to have? How do you expect anything to be better from you saying that, versus if you had shut up and said nothing at all?
If you don't have good answers to those questions you should step back and leave this to people who do have good intents.
Without a doubt if people are now paying attention and lobbying. The immediate problem is the chance that @soller mentioned of them happening before the provisions of the #California Act take effect on 2027-01-01. It's slim to none.
The slightly further away problem is finding how to express the difference in legal terms. It's actually quite hard to come up with something that doesn't as a side-effect let #FDroid off the hook. They'll want to keep F-Droid in the 'covered' camp, because it's exactly the sort of smart 'phone thing that they *thought* that they were covering, so the law cannot just exempt a 'store' solely on the grounds that it distributes #FreeSoftware.
Colorado came up with an addition to the common base text that grants exemptions for intra-business use. But that's an exemption for developers, not for operating system makers, based upon application purpose; so isn't much use to follow.
I gave this some thought at the start of March. There are a number of blind alleys.
The Microsoft Store is obviously a direct target here, but Microsoft Windows is a multi-user operating system; so the operating system having multiple local user accounts is not a way to structure an exemption.
The likes of Debian, Ubuntu, RedHat, FreeBSD, et al. use accountless access to repositories, whereas one has to use a Google Account with Google Play and a Microsoft Account with the Microsoft Store. But F-Droid is seemingly accountless too so that sort of exemption would let it off the hook.
Maybe one could get somewhere with tweaking the definition of a 'covered user' to make it specific to operating systems where Microsoft/Google/AppleID/whatever accounts functionally *are* the operating system user accounts.
Several ways still to draft that badly, though.
@neal @feonixrift @dalias @artemis
#ColoradoLaw #AgeVerification #USLaw
@neal @feonixrift @wwahammy @artemis No, there is a law that says something.
t's unclear what it's intended to apply to.
It does not define "operating system" in any adequate way to know what it applies to.
It's probably not Linux distributions; the assumptions are all built around walled-garden platforms.
Even if it did, it's not clear who the provider with an obligation to comply would be.
Nobody pushing or accepting these patches has has brought serious legal opinions into any public discourse.
They have not considered whether storing age/DoB might violate other laws.
All of this is textbook "complying in advance".
@MisuseCase @dalias @wwahammy @artemis
And it's absolutely doing my fucking head IN, that we have all these people saying, "Oh welp it's the law" like all of this shit is a totally normal obvious foregone conclusion, immutable law of the land no takes backsies look they all voted for it blah blah blah blah
MEANWHILE BOMBING HOSPITALS IS TOTALLY COOL AND INTERNATIONAL LAW MEANS NOTHING WHATSOEVER SO MUCH WET TISSUE PAPER
People sure pick and choose which laws to act like they care about. Jumping to comply this far in advance of shit designed to destroy ALL PRIVACY and digital freedom is entirely fucked.
Eric Schultz
Artemysia
Cassandrich
d.rift
Neal Gompa (ニール・ゴンパ) 
Jeremy Soller 🦀
JdeBP
ben
Misuse Case
Violet Madder