On Thu, Feb 06, 2025 at 09:58:36AM -0800, Linus Torvalds wrote:
Good morning to everyone.
> On Thu, 6 Feb 2025 at 01:19, Hector Martin <marcan@xxxxxxxxx> wrote:
> >
> > If shaming on social media does not work, then tell me what does,
> > because I'm out of ideas.
> Because if we have issues in the kernel development model, then
> social media sure as hell isn't the solution. The same way it sure
> as hell wasn't the solution to politics.
>
> Technical patches and discussions matter. Social media brigading - no
> thank you.
I truely wish that technical patches and discussions were the currency
that matter but I believe we are struggling with that, at least in
some venues in the kernel development process.
No one should construe that statement as an endorsement of berating
people on social media as the 'fix'.
I come at this from the perspective of having worked on Linux since
around December of 1991. I first met you and Tove in 1995 at the Free
Software Conference at MIT that Stallman sponsored. When we first
met, I told you that cancer patients in North Dakota were enjoying
more time with their families because of what we were able to do with
Linux and optimizing medical processes at our Cancer Center.
RedHat paid me to speak at a number of conferences in the 90's talking
about how Linux was going to dominate enterprise computing, given that
it was about technology people doing the 'right' technology thing.
I'm seeing things that make me regret those words.
Probably the last technical contribution of my career is leading an
initiative to provide the Linux community a generic security modeling
architecture. Not to supplant or replace anything currently being
done, but to provide a flexible alternative to the development of
alternate and/or customized workload models, particularly in this era
of machine learning and modeling.
Four patch series over two years, as of yesterday, not a single line
of code ever reviewed.
For a contribution that touches nothing outside of its own directory
and does nothing unless people choose to execute a workload under its
control.
We were meticulous in our submissions to avoid wasting maintainers
time. We even waited two months without hearing a word before we sent
an inquiry as to the status of one of the submissions. We were told,
rather curtly, that anything we sent would likely be ignored if we
ever inquired about them.
We tried to engage, perhaps to excess, in technical discussions
attempting to explain why and how we chose to implement what we were
proposing. Including input from advisors who are running production
IT systems that feel that there needs to be better approaches to
addressing their security needs.
There were never any relevant technical exchanges. The discussion
consisted of, we have decided to do things a certain way, no
discussion, if you don't like that you should really consider doing
something other than submitting to upstream Linux.
The all powerful sub-system maintainer model works well if the big
technology companies can employ omniscient individuals in these roles,
but those types are a bit hard to come by. Lacking that, there is the
tangible risk of stifling innovation and Linux is the only place that
innovation can occur in the operating system space.
Not sure what the fix is, from a project management perspective the
technology industry has never faced a challenge like this. The fork
model, which was the classic protection in open-source, doesn't work
at this scale.
We have a Code Of Conduct that we can't scream or hurl four letter
words and insults at one another. Maybe it already exists but a Code
Of Standards for maintainers would seem to be an imperative if we are
going to move forward productively. Jim are you listening?
Obviously respect and open-mindedness to new ideas appears to be the
grease that makes all of this run smoothly. Unfortunately that seems
to be about as rare a commodity as omniscience in our industry.
> Linus
Linus, best wishes to you and your family, it has been a fascinating
ride and thing to watch.
As always,
Dr. Greg
The Quixote Project - Flailing at the Travails of Cybersecurity
https://github.com/Quixote-Project
