@oblomov of course there was. How do you think it helps to pretend otherwise?

@kirb

@oblomov how not? do you imagine that the law simply goes away if you wish hard enough, or do you think that people in (e.g.) california should simply be forced to use windows or macos instead?

@kirb

@benjamineskola @oblomov @kirb Who is an Operating System Provider in case of Linux system? To cite the definition from the California bill itself:

“Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.

Linux OSs are made up multiple parts made by multiple different parties, the bill does not have clear enough definition to distinguish who should be responsible with implementation of that bill in my opinion. This is rather clear with Microsoft and Apple, but not with Linux.

@Frisk Good luck arguing that in court!

The problem is that it’s very easy to think up theories like this, but there’s every chance that a judge will decide that there’s a clear meaning that _does_ included FOSS projects — and I don’t think such an interpretation is completely unreasonable. We clearly think of Debian (for example) as an operating system distributed by the Debian project, etc, even if we know that its components come from elsewhere.

The other problem here I think is that it doesn’t seem fair to expect others to bear the risk. I am not one of the people who might be sued as a result of this; so what right do I have to tell the people who *are* at risk of being sued that they should do nothing to protect themselves, and just wait to get sued? I think civil disobedience is a great idea but it’s something that people need to choose for themselves, not to do armchair activism over the internet.

@benjamineskola Not sure what I did to deserve such a tone in your response (first sentence being an exclamation, calling what I suppose is asking a question "armchair activism"), to me I've asked a genuine practical question, because I really don't know the answer to it and I don't think law has one either.

The bill was clearly made in mind with proprietary operating systems, if it was otherwise I believe it would have been more thorough with its definition.

I do agree that the judge would probably rule in one way or another against FOSS community, that's a real risk, though I really do question enforceability of such a bill in real scenarios for Linux (and therefore your statement that it's very obvious a specific project has to implement it) because it's unclear who is responsible for implementation and if anything it *should* be the legislative branch at fault.

It is especially problematic, because newer bills are going one step further and requiring OSs to age assure users[1] (which is no longer a request to provide age by the user, but rather require OSs to verify age using a method). How is FOSS going to respond to that? Is every Linux distribution going to be equipped with spy tech? Where does this madness end?

[1]: https://www.theregister.com/2026/03/06/os_age_verification/

@Frisk This is not directed personally at you, but I think a lot of tech people have a certain belief about the way they think the law 'should' behave. Laws should be written rationally and logically and if the law leaves something for interpretation then it's a bad law.

But in practice laws are written in a somewhat abstract way, and it is up to the courts to decide whether they apply to a certain situation, and they will often try to understand what could 'reasonably' be meant by the text of the law and so on.

That means it's not safe to rely on trying to find 'technicalities'. If you think 'well, technically Debian doesn't "produce, licence, or control" the software so it's safe'. It's quite reasonable to decide that Debian has some 'control' over the system (by selecting software for distribution and controlling the infrastructure by which it is distributed).

So I think projects like Debian need to assume for their own safety that this applies to them until it's proven otherwise.

(Btw: I am also not in the US and would love US problems not to affect the rest of the world.)

@Frisk Also to add: I think the very nature of a free operating system makes it impossible to make these checks mandatory in practice. Any user will always be able to bypass them.

All systemd has done is to make it *possible* to *record* the age of the user, in order to build an age verification feature. And even if a distribution did enable an age verification feature based on this, it would always be possible for the user to bypass it.

So I have very little patience for people who behave like systemd developers are some malicious cult taking over the Linux world by deception.

@benjamineskola I see, thank you for clarification regarding who armchair activists was directed at, I'm glad my assumption was false.

I agree with you in full. I personally don't want FOSS devs to be liable for this, I love FOSS devs for what they do, it's a thankless job.

I do believe there is more FOSS devs could have done. I think that's my main issue with all of this. Opening ceremony of 38C3 comes to my mind when I think of it all. We as hackers have a lot of power, and I do think that there is plenty of space for resistance or malicious compliance that many developers just don't use because they personally may even agree with actions taken by the governments.

Unfortunately tech world is very US centric, I don't think that if for example Uzbekistan decided to pass legislation such as the one California adopted, but in 2016, OS maintainers would run to comply as fast as they do now for Californian law. If African country required LGBT content blocks on OS level I don't think OS maintainers would care about compliance either (I hope I'm not wrong).

For the record, I don't believe systemd developers is malicious cult or anything like that. I do believe however that it is a mistake to accept those changes with little question as I saw in those PRs (though I probably don't take into consideration potential discussion beforehand in other channels).