On Fri, Dec 7, 2018 at 2:12 PM Jeremy Stanley <fungi@yuggoth.org> wrote:
I've seen concern expressed in OpenStack and other free/libre open source software communities over the recent passage of the "Assistance and Access Bill 2018" by the Australian Parliament, and just want to say that I appreciate the trust relationships we've all built with our colleagues in many countries, including Australia. As someone who doesn't particularly agree with many of the laws passed in his own country, while I'm not going to encourage civil disobedience, I do respect that many have shown preference for it over compelled compromise of our community's established trust. I, for one, don't wish to return to the "bad old days" of the crypto wars, when major projects like OpenBSD refused contributions from citizens and residents of the USA. It's bad for project morale, excludes valuable input from people with a variety of perspectives, and it's just downright inefficient too.
The unfortunate truth is that anyone can be pressured at any time to derail, backdoor or otherwise compromise software and systems. A new law in one country doesn't change that. There are frequent news stories about government agencies installing covert interfaces in enterprise and consumer electronic devices alike through compulsion of those involved in their programming, manufacture and distribution. There's evidence of major standards bodies being sidetracked and steered into unwittingly approving flawed specifications which influential actors already know ways to circumvent. Over the course of my career I've had to make personal choices regarding installation and maintenance of legally-mandated systems for spying on customers and users. All we can ever hope for is that the relationships, systems and workflows we create are as resistant as possible to these sorts of outside influences.
Sure, ejecting people from important or sensitive positions within the project based on their nationality might be a way to send a message to a particular government, but the problem is bigger than just one country and we'd really all need to be removed from our posts for pretty much the same reasons. This robust community of trust and acceptance we've fostered is not a risk, it's another line of defense against erosion of our ideals and principles. Entrenched concepts like open design and public review help to shield us from these situations, and while there is no perfect protection it seems to me that secret compromise under our many watchful eyes is a much harder task than doing so behind the closed doors of proprietary systems development.
I really appreciate all the Australians who toil tirelessly to make OpenStack better, and am proud to call them friends and colleagues. I certainly don't want them to feel any need to resign from their valuable work because they're worried the rest of us can no longer trust them.
-- Jeremy Stanley
++ well said. thank you for stating this so eloquently. peace o/