Eric Schultz1d ago

A small set of people are merging changes to various Linux components to make sure every application knows your birth date.

This is being done rapidly by people with questionable justifications and being merged with no youth and few marginalized people involved.

https://gitlab.freedesktop.org/accountsservice/accountsservice/-/merge_requests/176#0b07c0cc4d49be119f65cdb2037440f56eed647a

user: Add BirthDate with polkit-gated GetBirthDate and SetBirthDate methods (!176) · Merge requests · accountsservice / accountsservice · GitLab

Summary Add a BirthDate field to the user account interface. For non-homed users, the value is stored...

GitLab
Show threadArtemysia1d ago
@wwahammy why the fuck are people complying in advance? Where is the commitment to software freedom?
Show threadEric Schultz1d ago

@artemis I don't know why.

And I'd say "why are people complying at all?".

Show threadCassandrich1d ago
@wwahammy @artemis Everyone involves in proposing and merging these needs to be deemed untrustworthy and unwelcome in real FOSS.
Show threadEric Schultz1d ago
@dalias @artemis 1000% agree. It's shameful.
Show threadCassandrich1d ago
@wwahammy @artemis Like seriously. Even if you weren't going to consider complying with this unthinkable, adopting something like this that's a policy matter should be a process that requires a proposal and feedback from the community, with a long enough time window for that to happen. Not rushed-through changes by shadowy actors who show up just to do what some malicious external authority demands.
Show threadd.rift1d ago
@dalias @wwahammy @artemis This. Compliance can look like foot dragging and endless committee meetings about how exactly to comply with unclear and contradictory regulation. The Debian list posts noting that compliance in one jurisdiction could be violation in another are a great beginning of sitting down and engineering a feature to either death or satisfaction, which is what actual legal compliance looks like; ad-hoc implementations don't have enough lawyers involved to legally function.
Show threadNeal Gompa (ニール・ゴンパ) 1d ago

@feonixrift @dalias @wwahammy @artemis It's not complying "in advance". The California thing is *law* now. Sure, other jurisdictions are in progress, but the time between now and the next Linux distribution releases before the January 1, 2027 date isn't that long.

Everyone in the different community spaces that *do the work* are scrambling because being out of compliance is ludicrously expensive and there's not much time to be prepared. Even so, there *are* public discussions with patch review.

Show threadNeal Gompa (ニール・ゴンパ) 1d ago
@feonixrift @dalias @wwahammy @artemis And as @soller has pointed out in multiple locations, unlike most doctrines, this one is fairly simple and written in plain language. It's pretty understandable what is required. We are also anticipating expansion of age verification laws in other jurisdictions (UK, Australia, France, Canada, etc.). But nobody is implementing anything that isn't law right now. And an implementation that exists also influences what laws can ask for in the future too.
Show threadJeremy Soller 🦀1d ago

@neal @feonixrift @dalias @wwahammy @artemis I stated on the xdg mailing list that amendments are expected. We are working with Colorado legislators on language that would exclude effectively all open source operating systems and all embedded/server operating systems. This has a chance of making it to the California bill before it is effective.

I had a chance to demand polkit access controls be implemented on the accountsservice change but the systemd userdb change did not get that implemented.

Show threadJeremy Soller 🦀

@neal @feonixrift @dalias @wwahammy @artemis My recommendation would be to wait on merging any of these changes at least until we see if an amendment excluding floss is accepted in Colorado, I'd hope to see it within two months. The intention of the bill's sponsors, as I have heard, is not to fine or take to court countless volunteer projects.

The systemd change was particularly rushed. If it is used, it does nothing to protect PII from being read by a user's non-sandboxed applications.

Mar 21 at 1:02pmWeb
Show threadJeremy Soller 🦀1d ago
@neal @feonixrift @dalias @wwahammy @artemis https://fosstodon.org/@carlrichell/116261853481052659
Carl Richell (@[email protected])

Update on the Colorado Age Attestation bill: Everyone that participated in the meeting last week submitted proposed changes to the bill. They included good ideas to improve consumer protection and privacy and exempt open source software. Sen. Ball responded this morning that they'll now draft potential amendments. I think we're making good progress. I'm off for a ski weekend with the kids. Have a great weekend everyone!

Fosstodon