CassandrichI want someone (a real collaborator, not one of y'all as a joke) to try submitting a patch to musl adding a pw_dob field to struct passwd. I will roast and reject.
Ariadne Conill 🐰
@dalias I don't even want to figure that law out right now
@dalias my personal view is that most of fedi is rejecting a boogeyman created by lunduke
the california law is clearly intended for consumer OS with cloud services and app stores.
but importantly it has quite a few features that seem desirable
- the assured age bucket is configurable by the device owner
- it is not verified with third party services like persona
- app developers have to accept it as a valid age verification unless they have direct knowledge that the age verification is invalid (!)
the latter seems actually to be good, as there is less personal data processing happening. it makes it illegal for app developers to demand ID, they have to accept the attested signal.
I don't even know what shape, if any, compliance for a distro would look like, but most likely that information wouldnt be stored in /etc/passwd anyway.
most likely we would just have a daemon that generates attestations based on a configured age bracket. no libc changes needed 😵💫
@ariadne What about users who don't want that data stored on their computer to begin with, where it might leak due to vulnerabilities or badly-behaved applications?
And what apps would this even be serving? We're not like appstore platforms with sketchy apps that phone home to some service provider and want to report information abou the user. There's no possible thing any real native application that would be packaged could use this for.
But worst of all, complying is expressing a willingness to go along with ridiculous demands of a malicious government.
@ariadne Expressing that willingness is a betrayal of users and community. It's telling them whose concerns you deem valid and whose you don't.
@dalias sure, but if the alternative is that the state of california brings financial ruin on indie distribution maintainers, I can see why some don't want to risk their livelihood over such a stupid law
to reiterate, I don't think there is any practical risk of California coming after distros. this just isn't how the California grift machine works, they go after money.
but either way, if it were up to me, I would just slap "not for use in california" label on the alpine website and wait for silicon valley to fix the law.
@dalias that's my point: I don't think the law as written is intended to affect Linux distributions. I will worry about this when the state of california announces that they intend to enforce the law against distributions. they have not done so yet. I don't even think it's on the radar.
it makes sense for the commercial OS scenarios with cloud services and app stores. it fits what they are doing very well.
though, for example, Discord would be an example of a Linux app that would benefit from this law.